Apple updates Remote Desktop Admin for Snow Leopard [u]

in Mac Software edited January 2014
Apple on Monday released an update to its Remote Desktop Admin network management solution for legacy OS X 10.6 Snow Leopard machines, bringing the software up to 3.5.3.

Apple Remote Desktop

Update: According to the update's full release information posted on Apple's support website, the 3.5.3 update patches a security flaw regarding possible information disclosure when connected to a third-party VNC server.

From the release notes:
Apple Remote Desktop 3.5.3

Available for: Apple Remote Desktop 3.0 or later

Impact: Connecting to a third-party VNC server with "Encrypt all network data" set may lead to information disclosure

Description: When connecting to a third-party VNC server with "Encrypt all network data" set, data is not encrypted and no warning is produced. This issue is addressed by creating an SSH tunnel for the VNC connection in this configuration, and preventing the connection if the SSH tunnel cannot be created. This issue does not affect Apple Remote Desktop 3.5.1 and earlier.
The contents of the update have yet to be released, however version 3.5.3 doesn't appear to come with any major changes, according to the software's download page.

Apple Remote Desktop 3.5.3 Admin weighs in at 26.6MB and can be downloaded via Apple's Support Page and Software Update.


  • Reply 1 of 1
    Some guy from Central Connecticut State University found the bug. Got front page billing on the websites of several local papers. Tells you how interesting Connecticut is most days.
Sign In or Register to comment.