cbcvebase.
CVE-2002-0676
published 2002-07-11

CVE-2002-0676: SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by…

PriorityP432high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
4.27%
89.9th percentile
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

Affected

6 ranges
VendorProductVersion rangeFixed in
applemac_os_x
applemac_os_x
applemac_os_x
applemac_os_x
applemac_os_x
applemac_os_x
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.