Description
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
References (8)
Core 8
Core References
Patch, Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3549
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35074
Mailing List, Patch, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50487
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34926
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022212
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1297
Scores
CVSS v3
7.5
EPSS
0.0217
EPSS Percentile
80.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (2)
apple/mac_os_x
10.5.0 - 10.5.7
apple/mac_os_x_server
10.5.0 - 10.5.7
Published
May 13, 2009
Tracked Since
Feb 18, 2026