Vulnerability Description
The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Barebones | Textwrangler | <= 4.5.2 |
| Barebones | Bbedit | <= 10.5.4 |
| Barebones | Yojimbo | <= 3.0.4 |
Related Weaknesses (CWE)
References
- http://www.barebones.com/support/bbedit/arch_bbedit1055.htmlVendor Advisory
- http://www.barebones.com/support/textwrangler/notes_tw453.htmlVendor Advisory
- http://www.barebones.com/support/yojimbo/arch_yojimbo40.htmlVendor Advisory
- https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ
- http://www.barebones.com/support/bbedit/arch_bbedit1055.htmlVendor Advisory
- http://www.barebones.com/support/textwrangler/notes_tw453.htmlVendor Advisory
- http://www.barebones.com/support/yojimbo/arch_yojimbo40.htmlVendor Advisory
- https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ
FAQ
What is CVE-2013-3667?
CVE-2013-3667 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, ...
How severe is CVE-2013-3667?
CVE-2013-3667 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3667?
Check the references section above for vendor advisories and patch information. Affected products include: Barebones Textwrangler, Barebones Bbedit, Barebones Yojimbo.