TUCoPS :: Macintosh :: mac5519.htm

OS X SoftwareUpdate Hi-jacking
8th Jul 2002 [SBWID-5519]

	MacOS X SoftwareUpdate Hi-jacking


	MacOS 10.1.X and possibly 10.0.X


	Russell Harding [hardingr@cunap.com] with the  help  of  Spectre  Phlux,
	KrazyC, Devon, and The Wench, posted :

	Mac OS X includes  a  software  updating  mechanism  \"SoftwareUpdate\".
	Software update, when configured  by  default,  checks  weekly  for  new
	updates from Apple. HTTP is  used  with  absolutely  no  authentication.
	Using well  known  techniques,  such  as  DNS  Spoofing,  or  DNS  Cache
	Poisoning it is trivial to trick a  user  into  installing  a  malicious
	program posing as an update from Apple.

	Apple frequently releases updates, which  are  all  installed  as  root.
	Exploiting this vulnerability can lead to root  compromise  on  affected




	Get it from :



	The exploit for this vulnerability has been released to the  public  for
	testing purposes. It  is  distributed  as  a  Mac  OS  X  package  which
	includes DNS and ARP  spoofing  software.  Also,  it  includes  the  cgi
	scripts, and apache configuration  files  required  to  impersonate  the
	Apple SoftwareUpdatesServer.


	 Update (15 July 2002)



	Patch        is        now         availible         from         apple:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH