English
Russian
Japanese
LatAm
Türkiye
Brasil
France
Český
Deutschland
KLA10773
Code execution vulnerability in Apple Software Update
Обновлено: 03/06/2020
|
Дата обнаружения
|
10/03/2016 |
|
Уровень угрозы
|
Warning |
|
Описание
|
Weak networking protocol usage was found in Apple Software Update. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via man-in-the-middle attack. Technical details Instead of usage HTTPS for downloading updates unprotected HTTP protocol was used. This vulnerability can lead to update data-stream spoofing. |
|
Пораженные продукты
|
Apple Software Update versions earlier than 2.2 |
|
Решение
|
Update to the latest version |
|
Первичный источник обнаружения
|
Apple Security Update |
|
Оказываемое влияние
?
|
ACE
[?]
|
|
Связанные продукты
|
Apple Software Update |
|
CVE-IDS
|
|
| Узнай статистику распространения уязвимостей в твоем регионе |