Vulnerabilities > CVE-2002-0676 - Unspecified vulnerability in Apple mac OS X

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

apple

exploit available

NVD

Published: 2002-07-11

Updated: 2008-09-05

Summary

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X 10.1 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5	6

Exploit-Db

description	MacOS X 10.1.x SoftwareUpdate Arbitrary Package Installation Vulnerability. CVE-2002-0676. Remote exploit for osx platform
id	EDB-ID:21596
last seen	2016-02-02
modified	2002-07-08
published	2002-07-08
reporter	Russell Harding
source	https://www.exploit-db.com/download/21596/
title	MacOS X 10.1.x SoftwareUpdate Arbitrary Package Installation Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References