ID

VAR-200908-0264


CVE

CVE-2009-2198


TITLE

Apple GarageBand Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 35926 // CNNVD: CNNVD-200908-506

DESCRIPTION

Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. Apple GarageBand is prone to an information-disclosure vulnerability. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in tracking a user's web activities. This issue affects versions prior to GarageBand 5.1 for Mac OS X 10.5.7. Apple GarageBand is music production software from Apple.

TITLE: Apple GarageBand Web Activity Tracking Disclosure

SECUNIA ADVISORY ID: SA36114

VERIFY ADVISORY: http://secunia.com/advisories/36114/

DESCRIPTION: A security issue has been reported in GarageBand, which can be exploited by malicious people to gain knowledge of sensitive information. The problem is caused due to Safari's preferences being changed to always accept cookies when opening GarageBand. This could allow third parties and advertisers to track a user's web activity.

SOLUTION: Update to version 5.1. http://support.apple.com/downloads/GarageBand_5_1

NOTE: Users of previous versions should also check that their Safari preferences are set as desired.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://support.apple.com/kb/HT3732

Trust: 2.07

sources: NVD: CVE-2009-2198 // JVNDB: JVNDB-2009-001971 // BID: 35926 // VULHUB: VHN-39644 // PACKETSTORM: 79912

AFFECTED PRODUCTS

vendor: apple, model: garageband, scope: eq, version: 4.1.2

Trust: 1.6

vendor: apple, model: garageband, scope: eq, version: 5.0.1

Trust: 1.6

vendor: apple, model: garageband, scope: eq, version: 5.0

Trust: 1.6

vendor: apple, model: garageband, scope: eq, version: 4.1.1

Trust: 1.6

vendor: apple, model: garageband, scope: lte, version: 5.0.2

Trust: 1.0

vendor: apple, model: garageband, scope: eq, version: 5.0.2

Trust: 0.9

vendor: apple, model: mac os x, scope: eq, version: v10.5.7

Trust: 0.8

vendor: apple, model: garageband, scope: ne, version: 5.1

Trust: 0.3

sources: BID: 35926 // JVNDB: JVNDB-2009-001971 // CNNVD: CNNVD-200908-506 // NVD: CVE-2009-2198

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2198
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-2198
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200908-506
value: MEDIUM

Trust: 0.6

VULHUB: VHN-39644
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-2198
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39644
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39644 // JVNDB: JVNDB-2009-001971 // CNNVD: CNNVD-200908-506 // NVD: CVE-2009-2198

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-39644 // JVNDB: JVNDB-2009-001971 // NVD: CVE-2009-2198

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200908-506

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200908-506

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001971

PATCH

title: HT3732, url: http://support.apple.com/kb/HT3732

Trust: 0.8

title: HT3732, url: http://support.apple.com/kb/HT3732?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2009-001971

EXTERNAL IDS

db: NVD, id: CVE-2009-2198

Trust: 2.8

db: BID, id: 35926

Trust: 2.8

db: SECUNIA, id: 36114

Trust: 2.6

db: SECTRACK, id: 1022649

Trust: 2.5

db: VUPEN, id: ADV-2009-2141

Trust: 2.5

db: OSVDB, id: 56738

Trust: 2.5

db: XF, id: 52248

Trust: 1.4

db: JVNDB, id: JVNDB-2009-001971

Trust: 0.8

db: CNNVD, id: CNNVD-200908-506

Trust: 0.7

db: APPLE, id: APPLE-SA-2009-08-03-1

Trust: 0.6

db: VULHUB, id: VHN-39644

Trust: 0.1

db: PACKETSTORM, id: 79912

Trust: 0.1

sources: VULHUB: VHN-39644 // BID: 35926 // JVNDB: JVNDB-2009-001971 // PACKETSTORM: 79912 // CNNVD: CNNVD-200908-506 // NVD: CVE-2009-2198

REFERENCES

url:http://www.securityfocus.com/bid/35926

Trust: 2.5

url:http://osvdb.org/56738

Trust: 2.5

url:http://www.securitytracker.com/id?1022649

Trust: 2.5

url:http://secunia.com/advisories/36114

Trust: 2.5

url:http://www.vupen.com/english/advisories/2009/2141

Trust: 2.5

url:http://support.apple.com/kb/ht3732

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2009/aug/msg00000.html

Trust: 1.7

url:http://xforce.iss.net/xforce/xfdb/52248

Trust: 1.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/52248

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2198

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2198

Trust: 0.8

url:http://www.apple.com/ilife/garageband/

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://support.apple.com/downloads/garageband_5_1

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/36114/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-39644 // BID: 35926 // JVNDB: JVNDB-2009-001971 // PACKETSTORM: 79912 // CNNVD: CNNVD-200908-506 // NVD: CVE-2009-2198

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200908-506

SOURCES

db: VULHUB, id: VHN-39644
db: BID, id: 35926
db: JVNDB, id: JVNDB-2009-001971
db: PACKETSTORM, id: 79912
db: CNNVD, id: CNNVD-200908-506
db: NVD, id: CVE-2009-2198

LAST UPDATE DATE

2025-04-10T23:16:25.915000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-39644, date: 2017-08-17T00:00:00
db: BID, id: 35926, date: 2009-08-27T22:22:00
db: JVNDB, id: JVNDB-2009-001971, date: 2009-09-04T00:00:00
db: CNNVD, id: CNNVD-200908-506, date: 2009-08-18T00:00:00
db: NVD, id: CVE-2009-2198, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-39644, date: 2009-08-04T00:00:00
db: BID, id: 35926, date: 2009-08-03T00:00:00
db: JVNDB, id: JVNDB-2009-001971, date: 2009-09-04T00:00:00
db: PACKETSTORM, id: 79912, date: 2009-08-05T08:42:40
db: CNNVD, id: CNNVD-200908-506, date: 2009-08-04T00:00:00
db: NVD, id: CVE-2009-2198, date: 2009-08-04T16:30:00.327