Bugtraq mailing list archives
Re: MacOS X SoftwareUpdate Vulnerability
From: "Kurt Seifried" <bugtraq () seifried org>
Date: Mon, 8 Jul 2002 12:52:40 -0600
Date: July 6, 2002 Version: MacOS 10.1.X and possibly 10.0.X Problem: MacOS X SoftwareUpdate connects to the SoftwareUpdate Server
via
HTTP with no authentication, leaving it vulnerable to attack.[...]Solution/Patch/Workaround:[...] A possible workaround: System Preferences -> Software Update -> Update Software: [x] Manually DonĀ“t touch the "Update Now"-Button! Look for updates on http://www.info.apple.com/support/downloads.html Use trusted networks or http-to-mail gateway to get the files.
How is this an improvement? The whole premise of the attack relies on DNS/ARP poisoning/spoofing, which is super trivial if you are local, pretty easy on the same subnet, and usually possible across the Internet. So instead of directing you to swquery.apple.com or *.g.akamai.net I simply redirect you to my version of www.apple.com. Apple doesn't even post MD5 sum's of the files, let alone a PGP/GnuPG signature, there is absoulutely no verification of the packages as far as I can tell.
HTH, Julian
Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ http://www.iDefense.com/
Current thread:
- MacOS X SoftwareUpdate Vulnerability Russell Harding (Jul 07)
- Re: MacOS X SoftwareUpdate Vulnerability Julian Suschlik (Jul 08)
- Re: MacOS X SoftwareUpdate Vulnerability Kurt Seifried (Jul 08)
- Re: MacOS X SoftwareUpdate Vulnerability Corey J. Steele (Jul 11)
- Re: MacOS X SoftwareUpdate Vulnerability gabriel rosenkoetter (Jul 12)
- <Possible follow-ups>
- RE: MacOS X SoftwareUpdate Vulnerability jaehnel (Jul 13)
- RE: MacOS X SoftwareUpdate Vulnerability Hundley, Gordon - Princeton (Jul 15)
- Re: MacOS X SoftwareUpdate Vulnerability Julian Suschlik (Jul 08)