SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Apple OS X Spotlight Mail Preview Function Bypasses Mail Privacy Preferences
SecurityTracker Alert ID:  1031521
SecurityTracker URL:  http://securitytracker.com/id/1031521
CVE Reference:   CVE-2014-8839   (Links to External Site)
Updated:  Jan 28 2015
Original Entry Date:  Jan 12 2015
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 10.10, 10.10.1
Description:   A vulnerability was reported in Apple OS X. A remote user can obtain IP address information in certain cases.

When the target user previews an email message via Spotlight search results, the system retrieves any images within the email message that are stored on a remote server, regardless of the target user's Mail privacy preferences.

The original advisory is available at:

http://heise.de/newsticker/meldung/Datenschutzpanne-in-Mac-OS-X-Yosemite-2514198.html

John Whitehead of The New York Times, Frode Moe of LastFriday.no, and Heise reported this vulnerability.

Impact:   A remote user can obtain IP address information in certain cases.
Solution:   The vendor has issued a fix (10.10.2).

The vendor's advisory is available at:

http://support.apple.com/en-us/HT204244

Vendor URL:  support.apple.com/en-us/HT204244 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC