← back
CVE-2002-0676

CVE-2002-0676

EPSS 4.3%
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/21596unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.cunap.com/~hardingr/projects/osx/exploit.htmlhttp://www.iss.net/security_center/static/9502.phphttp://www.osvdb.org/5137http://www.securityfocus.com/bid/5176