Arbitrary Code Execution Vulnerability in Apple Mac OS X User Documentation Component

Arbitrary Code Execution Vulnerability in Apple Mac OS X User Documentation Component

CVE-2011-3224 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.

Learn more about our Cis Benchmark Audit For Server Software.