/>
X

Apple patches man-in-middle vulnerability in OS X 10.6

Apple's latest OS X download includes a PackageKit patch to thwart potential "man-in-the-middle attacks."
larry-dignan-eic.jpg
Written by Larry Dignan, Contributing Editor on

Apple's latest OS X download includes a PackageKit patch to thwart potential "man-in-the-middle attacks."

Here are the patch details in full:

CVE-ID: CVE-2010-4013

Available for: Mac OS X v10.6 through v10.6.5, Mac OS X Server v10.6 through v10.6.5

Impact: A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution

Description: A format string issue exists in PackageKit's handling of distribution scripts. A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution when Software Update checks for new updates. This issue is addressed through improved validation of distribution scripts. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aaron Sigel of vtty.com for reporting this issue.

Apple pushed the patch out along with Mac OS v10.6.6, which delivered the Mac App Store.

Related

On July 12, we'll see the universe like never before
51656393132-ca88bc21e3-k

On July 12, we'll see the universe like never before

Space
My Bitcoin 'investment': After exactly six months, how much did I gain or lose?
crypto-on-paypal-2022-07-01-00-06-57

My Bitcoin 'investment': After exactly six months, how much did I gain or lose?

Bitcoin
Delta Air Lines just made an embarrassing announcement (you may be livid)
screen-shot-2022-06-22-at-3-50-54-pm.png

Delta Air Lines just made an embarrassing announcement (you may be livid)

Business