Apple GarageBand < 5.1 Information Disclosure

Medium Nessus Network Monitor Plugin ID 5118

Synopsis

The remote host is vulnerable to an information disclosure vulnerability.

Description

The remote host is running Apple GarageBand, an application used to created music. The installed version of GarageBand is earlier than 5.1. Such versions potentially are affected by an issue caused by GarageBand changing the Apple Safari browser's preferences to cause the browser to accept cookies from third party sites. An attacker could exploit this to obtain sensitive information and track a user's web activities.

Solution

Upgrade to Apple GarageBand 5.1 or later.

See Also

http://www.securityfocus.com/advisories/17543

Plugin Details

Severity: Medium

ID: 5118

File Name: 5118.prm

Family: Generic

Published: 2009/08/04

Modified: 2016/01/21

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2009/08/04

Vulnerability Publication Date: 2009/08/04

Reference Information

CVE: CVE-2009-2198

BID: 35926