CVE-2013-3667
Bare Bones Software TextWrangler < 4.5.3 - Unauthenticated Update Tampering via Improper Input Validation
Title source: llmDescription
The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.
References (4)
Core 4
Core References
Mailing List x_refsource_confirm
https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ
Vendor Advisory x_refsource_confirm
http://www.barebones.com/support/yojimbo/arch_yojimbo40.html
Vendor Advisory x_refsource_confirm
http://www.barebones.com/support/bbedit/arch_bbedit1055.html
Vendor Advisory x_refsource_confirm
http://www.barebones.com/support/textwrangler/notes_tw453.html
Scores
EPSS
0.0181
EPSS Percentile
76.1%
Details
CWE
CWE-20
Status
published
Products (35)
barebones/bbedit
10.0
barebones/bbedit
10.0.1
barebones/bbedit
10.1
barebones/bbedit
10.1.1
barebones/bbedit
10.1.2
barebones/bbedit
10.5
barebones/bbedit
10.5.1
barebones/bbedit
10.5.2
barebones/bbedit
10.5.3
barebones/bbedit
< 10.5.4
... and 25 more
Published
Dec 31, 2013
Tracked Since
Feb 18, 2026