KLA10773
Code execution vulnerability in Apple Software Update
Updated: 06/01/2019
Detect date
?
03/10/2016
Severity
?
Warning
Description

Weak networking protocol usage was found in Apple Software Update. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via man-in-the-middle attack.


Technical details

Instead of usage HTTPS for downloading updates unprotected HTTP protocol was used. This vulnerability can lead to update data-stream spoofing.

Affected products

Apple Software Update versions earlier than 2.2

Solution

Update to the latest version

Original advisories

Apple Security Update

Impacts
?
ACE 
[?]
Related products
Apple Software Update
CVE-IDS
?
CVE-2016-17315.0Critical