Apple Remote Desktop Encryption Failure Lets Remote Users Obtain Potentially Sensitive Information
Apple Remote Desktop after 3.5.1 and prior to 3.6.1
A remote user can monitor potentially sensitive information.
A vulnerability was reported in Apple Remote Desktop. When a user connects to a third-party VNC server with the 'Encrypt all network data' setting enabled, network data is not encrypted. A remote user monitoring the network can obtain ostensibly encrypted data.
A remote user with the ability to monitor network connections can obtain potentially sensitive information.
The vendor has issued a fix. (3.6.1) Apple Support Downloads.