CVE-2009-0152
First published: Wed May 13 2009(Updated: )
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| macOS Yosemite | >=10.5.0<10.5.7 | |
| Apple Mac OS X Server | >=10.5.0<10.5.7 | |
| Apple Mac OS X Server | =10.5.2 | |
| macOS Yosemite | =10.5.6 | |
| macOS Yosemite | =10.5.5 | |
| Apple Mac OS X Server | =10.5.5 | |
| macOS Yosemite | =10.5.1 | |
| Apple Mac OS X Server | =10.5.1 | |
| Apple Mac OS X Server | =10.5.6 | |
| macOS Yosemite | =10.5.3 | |
| macOS Yosemite | =10.5.0 | |
| Apple Mac OS X Server | =10.5.0 | |
| Apple Mac OS X Server | =10.5.3 | |
| Apple Mac OS X Server | =10.5.4 | |
| macOS Yosemite | =10.5.2 | |
| macOS Yosemite | =10.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://support.apple.com/kb/HT3549
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vupen.com/english/advisories/2009/1297
- http://www.securityfocus.com/bid/34926
- http://secunia.com/advisories/35074
- http://www.securitytracker.com/id?1022212
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50487
Frequently Asked Questions
What is the severity of CVE-2009-0152?
CVE-2009-0152 is classified as a medium severity vulnerability.
How do I fix CVE-2009-0152?
To fix CVE-2009-0152, update your Apple Mac OS X to version 10.5.7 or later.
What versions of Mac OS X are affected by CVE-2009-0152?
CVE-2009-0152 affects Apple Mac OS X versions 10.5.0 through 10.5.6.
What kind of information can be compromised due to CVE-2009-0152?
Due to CVE-2009-0152, sensitive information transmitted via AOL Instant Messenger (AIM) could be compromised.
How does CVE-2009-0152 affect SSL settings in iChat?
CVE-2009-0152 causes iChat to disable SSL for AIM communication, ignoring user-configured SSL settings.
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- agent/softwarecombine
- vendor/apple
- canonical/macos yosemite
- version/macos yosemite/10.5.0
- canonical/apple mac os x server
- version/apple mac os x server/10.5.0
- version/apple mac os x server/10.5.2
- version/macos yosemite/10.5.6
- version/macos yosemite/10.5.5
- version/apple mac os x server/10.5.5
- version/macos yosemite/10.5.1
- version/apple mac os x server/10.5.1
- version/apple mac os x server/10.5.6
- version/macos yosemite/10.5.3
- version/apple mac os x server/10.5.3
- version/apple mac os x server/10.5.4
- version/macos yosemite/10.5.2
- version/macos yosemite/10.5.4