English
Russian
Japanese
LatAm
Türkiye
Brasil
France
Český
Deutschland
KLA10773
Code execution vulnerability in Apple Software Update
Updated: 06/01/2019
|
Detect date
?
|
03/10/2016 |
|
Severity
?
|
Warning |
|
Description
|
Weak networking protocol usage was found in Apple Software Update. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via man-in-the-middle attack. Technical details Instead of usage HTTPS for downloading updates unprotected HTTP protocol was used. This vulnerability can lead to update data-stream spoofing. |
|
Affected products
|
Apple Software Update versions earlier than 2.2 |
|
Solution
|
Update to the latest version |
|
Original advisories
|
|
|
Impacts
?
|
ACE [?] |
|
Related products
|
Apple Software Update |
|
CVE-IDS
?
|
|