Vulnerability identifier: #VU42436
Vulnerability risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
macOS
Operating systems & Components /
Operating system
Vendor: Apple Inc.
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state.
Mitigation
Install update from vendor's website.
Vulnerable software versions
macOS: 10.8.0 - 10.8.5
External links
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.