[] NeoSense
E X P L O I T S
title author type platform port cve id

Apple Mac OSX 10.1.x - SoftwareUpdate Arbitrary Package Installation

Author: Russell Harding
type: remote
platform: osx
port: 
date_added: 2002-07-08 
date_updated: 2012-10-01 
verified: 1 
codes: CVE-2002-0676;OSVDB-5137 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/5176/info

A vulnerability has been reported for MacOS X where an attacker may use SoftwareUpdate to install malicious software on the vulnerable system. SoftwareUpdate uses HTTP, without any authentication, to obtain updates from Apple. Any updated packages are installed on the system as the root user.

In order to exploit this vulnerability, the attacker must control the machine located at swquery.apple.com, from the perspective of the vulnerable client. It may be possible to create this condition through some known techniques, including DNS cache poisoning and DNS spoofing.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21596.tgz.tar
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.