Vulnerability Details CVE-2016-1731
Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.3%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 5.0
References
Products affected by CVE-2016-1731
-
cpe:2.3:a:apple:software_update:-
-
cpe:2.3:a:apple:software_update:2.1.0.110
-
cpe:2.3:a:apple:software_update:2.1.1.116
-
cpe:2.3:a:apple:software_update:2.1.2.120
-
cpe:2.3:a:apple:software_update:2.1.3.127