Wickedkitten Veteran Posted July 14, 2002 Veteran Share Posted July 14, 2002 Apple has posted a fix for their Software Update mechanism used in Mac OS X. The update is available from the company's support Web site and will be available via Software Update shortly. As MacCentral reported last week, HTTP is used with no authentication when running the Software Update application. Using well known techniques, such as DNS Spoofing, or DNS Cache Poisoning it is trivial to trick a user into installing a malicious program posing as an update from Apple. http://maccentral.macworld.com/news/0207/13.update.php Seeing as how the fact that there was a security hole somehow managed to end up on the front page I highly doubt the fact that Apple has already patched it will. Link to comment Share on other sites More sharing options...
Recommended Posts