Vulnerability Details CVE-2002-0676
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.142
EPSS Ranking 94.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.cunap.com/~hardingr/projects/osx/exploit.html
- http://www.iss.net/security_center/static/9502.php
- http://www.osvdb.org/5137
- http://www.securityfocus.com/bid/5176
- http://www.cunap.com/~hardingr/projects/osx/exploit.html
- http://www.iss.net/security_center/static/9502.php
- http://www.osvdb.org/5137
- http://www.securityfocus.com/bid/5176
Products affected by CVE-2002-0676
-
cpe:2.3:o:apple:mac_os_x:10.1
-
cpe:2.3:o:apple:mac_os_x:10.1.1
-
cpe:2.3:o:apple:mac_os_x:10.1.2
-
cpe:2.3:o:apple:mac_os_x:10.1.3
-
cpe:2.3:o:apple:mac_os_x:10.1.4
-
cpe:2.3:o:apple:mac_os_x:10.1.5