[原文]SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
A vulnerability has been reported for MacOS X where an attacker may use SoftwareUpdate to install malicious software on the vulnerable system. SoftwareUpdate uses HTTP, without any authentication, to obtain updates from Apple. Any updated packages are installed on the system as the root user.
In order to exploit this vulnerability, the attacker must control the machine located at swquery.apple.com, from the perspective of the vulnerable client. It may be possible to create this condition through some known techniques, including DNS cache poisoning and DNS spoofing.
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
MacOS X contains a flaw that may allow a malicious user to install or run arbitrary code on vulnerable systems. The issue is due to a lack of authentication and verification of packages by the SoftwareUpdate system. It is possible that the flaw may allow an attacker posing as the authoritative SoftwareUpdate site to deploy and execute malicious code, resulting in a loss of confidentiality, integrity, and/or availability.
It is possible to workaround this vulnerability by disabling automatic updates. Apple has also released a patch to address this vulnerability.