|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Kurt Seifried (bugtraq
seifried.org)Date: Mon Jul 08 2002 - 13:52:40 CDT
>> Date: July 6, 2002
>> Version: MacOS 10.1.X and possibly 10.0.X
>> Problem: MacOS X SoftwareUpdate connects to the SoftwareUpdate Server
via
>> HTTP with no authentication, leaving it vulnerable to attack.
>[...]
>> Solution/Patch/Workaround:
>[...]
>
>A possible workaround:
>
>System Preferences -> Software Update -> Update Software: [x] Manually
>Donīt touch the "Update Now"-Button!
>
>Look for updates on http://www.info.apple.com/support/downloads.html
>Use trusted networks or http-to-mail gateway to get the files.
How is this an improvement? The whole premise of the attack relies on
DNS/ARP poisoning/spoofing, which is super trivial if you are local, pretty
easy on the same subnet, and usually possible across the Internet. So
instead of directing you to swquery.apple.com or *.g.akamai.net I simply
redirect you to my version of www.apple.com.
Apple doesn't even post MD5 sum's of the files, let alone a PGP/GnuPG
signature, there is absoulutely no verification of the packages as far as I
can tell.
>HTH,
>
>Julian
Kurt Seifried, kurtseifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.iDefense.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]