CVE-2013-0982 : The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does n

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

Published 2013-06-05 14:39:55

Updated 2025-04-11 00:51:22

Source Apple Inc.

View at NVD, CVE.org

Products affected by CVE-2013-0982

Apple » Mac Os X
Versions up to, including, (<=) 10.8.3
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.0
cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.1
cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.2
cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.3
cpe:2.3:o:apple:mac_os_x:10.7.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.4
cpe:2.3:o:apple:mac_os_x:10.7.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.8.1
cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.8.0
cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.7.5
cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.8.2
cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.0
cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.1
cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.2
cpe:2.3:o:apple:mac_os_x_server:10.7.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.4
cpe:2.3:o:apple:mac_os_x_server:10.7.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.3
cpe:2.3:o:apple:mac_os_x_server:10.7.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.7.5
cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-0982

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 13 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-0982

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
1.7	LOW	AV:L/AC:L/Au:S/C:P/I:N/A:N	3.1	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-0982

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-0982

http://support.apple.com/kb/HT5784

About the security content of OS X Mountain Lion v10.8.4 and Security Update 2013-002 - Apple Support
Vendor Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

Apple - Lists.apple.com

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-0982

Products affected by CVE-2013-0982

Exploit prediction scoring system (EPSS) score for CVE-2013-0982

CVSS scores for CVE-2013-0982

CWE ids for CVE-2013-0982

References for CVE-2013-0982