CVE-2007-5863
Published 2007-12-19
critical · 9.3 · CVSS 3.1
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x_server | — | — |
No detection rules found.
Exploit-DB
Apple Mac OSX Software Update - Command Execution (Metasploit)
exploitdb·2010-09-20
---
```ruby
##
# $Id: software_update.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Apple OS X Software Update Command Execution',
'Description' => %q{
This module exploits a feature in the Distribution Packages,
which are used in the Apple Software Update mechanism. This feature
allows for arbitrary command execution through JavaScript. This exploit
provides the malicious update server. Requests must be redirected to
this server by other means fo
```
Metasploit
Apple OS X Software Update Command Execution
metasploit
This module exploits a feature in the Distribution Packages, which are used in the Apple Software Update mechanism. This feature allows for arbitrary command execution through JavaScript. This exploit provides the malicious update server. Requests must be redirected to this server by other means for this exploit to work.
No writeups or analysis indexed.
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://secunia.com/advisories/28136
- http://securitytracker.com/id?1019106
- http://www.securityfocus.com/archive/1/485237/100/0/threaded
- http://www.securityfocus.com/bid/26908
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.vupen.com/english/advisories/2007/4238
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39111