CVE-2014-1257 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2014-1257

CWE

https://cwe.mitre.org/data/definitions/264.html

CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	*	10.8.5 (including)
Mac_os_x	Apple	10.8.0 (including)	10.8.0 (including)
Mac_os_x	Apple	10.8.1 (including)	10.8.1 (including)
Mac_os_x	Apple	10.8.2 (including)	10.8.2 (including)
Mac_os_x	Apple	10.8.3 (including)	10.8.3 (including)
Mac_os_x	Apple	10.8.4 (including)	10.8.4 (including)
Mac_os_x	Apple	10.8.5 (including)	10.8.5 (including)

References

http://support.apple.com/kb/HT6150
http://support.apple.com/kb/HT6150