PT-2002-1702 · Apple · Apple Macos+1

Published: 2002-07-11 · Updated: 2008-09-05 · CVE-2002-0676

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SoftwareUpdate for MacOS versions 10.1.x

Description

The issue allows remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates, because the software update does not use authentication when downloading updates.

Recommendations

For MacOS versions 10.1.x, consider disabling the automatic software update feature until a patch is available, and instead manually download updates from trusted sources to minimize the risk of exploitation.


Related Identifiers

CVE-2002-0676

Affected Products

Apple Macos
Hp Software Update