CVE-2002-0676

SoftwareUpdate for MacOS 10.1.x - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0676. PoCs published by Russell Harding.

AI-analyzed exploit summary This is a vulnerability writeup describing a flaw in MacOS X's SoftwareUpdate mechanism, which uses unauthenticated HTTP to fetch updates, allowing an attacker to spoof the update server via DNS manipulation and execute arbitrary code as root.

Description

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Russell Harding · textremoteosx
https://www.exploit-db.com/exploits/21596

This is a vulnerability writeup describing a flaw in MacOS X's SoftwareUpdate mechanism, which uses unauthenticated HTTP to fetch updates, allowing an attacker to spoof the update server via DNS manipulation and execute arbitrary code as root.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: MacOS X (versions using SoftwareUpdate with HTTP)
No auth needed
Prerequisites: Control over DNS resolution for swquery.apple.com · Network position to perform DNS spoofing or cache poisoning
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/5137
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5176
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9502.php

Scores

EPSS 0.0427
EPSS Percentile 89.9%

Details

Status published
Products (6)
apple/mac_os_x 10.1
apple/mac_os_x 10.1.1
apple/mac_os_x 10.1.2
apple/mac_os_x 10.1.3
apple/mac_os_x 10.1.4
apple/mac_os_x 10.1.5
Published Jul 11, 2002
Tracked Since Feb 18, 2026