KLA10773Code execution vulnerability in Apple Software Update

2016-03-10T00:00:00
ID KLA10773
Type kaspersky
Reporter Kaspersky Lab
Modified 2018-10-16T00:00:00

Description

CVSS:

5.0

Detect date:

03/10/2016

Severity:

Critical

Description:

Weak networking protocol usage was found in Apple Software Update. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via man-in-the-middle attack.

Affected products:

Apple Software Update versions earlier than 2.2

Solution:

Update to the latest version

Original advisories:

Apple Security Update

Impacts:

ACE

Related products:

Apple Software Update

CVE-IDS:

CVE-2016-1731