Man-in-the-Middle Vulnerability in Apple Software Update on Windows
CVE-2016-1731
5.9 MEDIUM
Summary
Apple Software Update for Windows prior to version 2.2 is susceptible to man-in-the-middle attacks due to the lack of HTTPS enforcement. This vulnerability allows attackers to intercept and alter the client-server data stream, potentially leading to unauthorized updates being delivered to users. The absence of secure communication channels can compromise the integrity and authenticity of software updates, posing serious risks to user devices.
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved