KLA10773
Code execution vulnerability in Apple Software Update
Обновлено: 17/06/2019
Дата обнаружения
10/03/2016
Уровень угрозы
Warning
Описание

Weak networking protocol usage was found in Apple Software Update. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via man-in-the-middle attack.


Technical details

Instead of usage HTTPS for downloading updates unprotected HTTP protocol was used. This vulnerability can lead to update data-stream spoofing.

Пораженные продукты

Apple Software Update versions earlier than 2.2

Решение

Update to the latest version

Первичный источник обнаружения
Apple Security Update
Оказываемое влияние
?
ACE 
[?]
Связанные продукты
Apple Software Update
CVE-IDS
CVE-2016-17315.0Critical