Apple Mac OS X does not properly verify the authenticity...
High severity
Unreviewed
Published
May 2, 2022
to the GitHub Advisory Database
•
Updated Mar 23, 2026
Description
Published by the National Vulnerability Database
Aug 1, 2008
Published to the GitHub Advisory Database
May 2, 2022
Last updated
Mar 23, 2026
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
References