July 09, 2002
Mac OS Software-Update Exploit
Recently published exploit calles it "trivial" to trick a user to install malicious code.
IMHO DNS/ARP-Spoofing requires at least access to the victims network which i wouldn't call "trivial" given the victims network is considerably well protected.
In any case it is true, that it is a big oversight from Apple
not to incorporate any authentication mechanism into it's Software-Update programm.
They could at least somehow GPG-Sign their downloads and have Software-Update verify the signatures.
Posted in:
Security
by seiz
| Comments (0)
« CommuniGate Pro FAQ: Piping messages to a given account to a text file |
Main
| It's fixed already »