CVE-2013-3667

Bare Bones Software TextWrangler < 4.5.3 - Unauthenticated Update Tampering via Improper Input Validation

Title source: llm
STIX 2.1

Description

The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.

References (4)

Core 4

Scores

EPSS 0.0181
EPSS Percentile 76.1%

Details

CWE
CWE-20
Status published
Products (35)
barebones/bbedit 10.0
barebones/bbedit 10.0.1
barebones/bbedit 10.1
barebones/bbedit 10.1.1
barebones/bbedit 10.1.2
barebones/bbedit 10.5
barebones/bbedit 10.5.1
barebones/bbedit 10.5.2
barebones/bbedit 10.5.3
barebones/bbedit < 10.5.4
... and 25 more
Published Dec 31, 2013
Tracked Since Feb 18, 2026