Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0676: Apple MAC OS X vulnerability

3 documents, 3 sources

Severity: 7.5 HIGH (NVD)
EPSS: 14.2% (top 5.59%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jul 11
Latest update: Apr 30

Description

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: apple/mac_os_x, 6 versions (+5)

🔴 Vulnerability Details (1)

GHSA
GHSA-fjx2-jv58-49j9: SoftwareUpdate for MacOS 10 (2022-04-30)

💥 Exploits & PoCs (1)

Exploit-DB
Apple Mac OSX 10.1.x - SoftwareUpdate Arbitrary Package Installation (2002-07-08)