Vulnerability Description
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | 10.1 |
References
- http://www.cunap.com/~hardingr/projects/osx/exploit.htmlVendor Advisory
- http://www.iss.net/security_center/static/9502.php
- http://www.osvdb.org/5137
- http://www.securityfocus.com/bid/5176
- http://www.cunap.com/~hardingr/projects/osx/exploit.htmlVendor Advisory
- http://www.iss.net/security_center/static/9502.php
- http://www.osvdb.org/5137
- http://www.securityfocus.com/bid/5176
FAQ
What is CVE-2002-0676?
CVE-2002-0676 is a vulnerability with a CVSS score of 7.5 (HIGH). SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via te...
How severe is CVE-2002-0676?
CVE-2002-0676 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0676?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X.