Apple has released a fix for a vulnerability in its Remote Desktop product that could result in sensitive data not being encrypted, even when users have the product configured to send all data in encrypted form. The vulnerability in Apple Remote Desktop is fixed by adding an SSH tunnel to the connection, which wraps the connection in an encrypted tunnel. The bug is a serious one because not only was the connection not encrypted, users did not get a warning letting them know that the data was being sent in the clear.
Source: https://threatpost.com/apple-patches-remote-desktop-flaw-082112/76932/