The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.
Base Score: 4.8
Impact Score: 4.9
Exploitability Score: 6.5
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.10.4 (inclusive)
View all (2 total)