CVE-2002-0676
Description
MacOS X 10.1.x SoftwareUpdate allows remote attackers to execute arbitrary code by spoofing the update server and providing malicious updates.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
SoftwareUpdate for MacOS 10.1.x does not authenticate the source of software updates, allowing remote attackers to potentially execute arbitrary code. The vulnerability exists because the update process uses HTTP without authentication, and downloaded packages are installed with root privileges [1].
Exploitation
An attacker can exploit this vulnerability by controlling the machine that the vulnerable client believes is the Apple update server, swquery.apple.com. This can be achieved through techniques such as DNS cache poisoning or DNS spoofing. Once the attacker controls the server, they can supply Trojan Horse updates that will be installed on the victim's system [1].
Impact
Successful exploitation allows an attacker to execute arbitrary code with root privileges on the vulnerable system. This means an attacker can install malicious software, effectively gaining complete control over the affected MacOS X machine [1].
Mitigation
No specific patched version or release date has been disclosed in the available references. Users are advised to be cautious when downloading software updates. It is not known if this vulnerability is listed on the KEV catalog or if the product is end-of-life [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*
- Range: = bundled with MacOS 10.1.x
- Range: = 10.1.x
Patches
No patches discovered yet.
References: 4
News mentions
No linked articles in our index yet.