High severity7.5NVD Advisory· Published May 13, 2009· Updated Apr 23, 2026

CVE-2009-0152

Description

iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: >=10.5.0,<10.5.7
Apple Inc./Mac Os X Server
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
Range: >=10.5.0,<10.5.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2009/May/msg00002.htmlnvdMailing ListPatchVendor Advisory
support.apple.com/kb/HT3549nvdPatchVendor Advisory
www.securityfocus.com/bid/34926nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.us-cert.gov/cas/techalerts/TA09-133A.htmlnvdThird Party AdvisoryUS Government Resource
exchange.xforce.ibmcloud.com/vulnerabilities/50487nvdThird Party AdvisoryVDB Entry
secunia.com/advisories/35074nvdBroken Link
www.vupen.com/english/advisories/2009/1297nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000