Apple GarageBand < 5.1 Information Disclosure

low Nessus Network Monitor Plugin ID 5118

Synopsis

The remote host is vulnerable to an information disclosure vulnerability.

Description

The remote host is running Apple GarageBand, an application used to created music. The installed version of GarageBand is earlier than 5.1. Such versions potentially are affected by an issue caused by GarageBand changing the Apple Safari browser's preferences to cause the browser to accept cookies from third party sites. An attacker could exploit this to obtain sensitive information and track a user's web activities.

Solution

Upgrade to Apple GarageBand 5.1 or later.

See Also

http://www.securityfocus.com/advisories/17543

Plugin Details

Severity: Low

ID: 5118

Family: Generic

Published: 8/4/2009

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:garageband

Patch Publication Date: 8/4/2009

Vulnerability Publication Date: 8/4/2009

Reference Information

CVE: CVE-2009-2198

BID: 35926