vendor:
Software Update
by:
CVSS: 7.5 (HIGH)
Format String
CWE: 134
Product Name: Software Update
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:apple:software_update
Platforms Tested:
Apple Software Update Format String Vulnerability
Apple Software Update is prone to a format-string vulnerability. This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
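The class of bug described above (CWE-134), as an added C example that is not Apple's code and not part of the original advisory: the unsafe call appears only in a comment, next to a hardened form and a small checker that flags conversion directives in untrusted text. The function names `render_label` and `count_directives` and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (CWE-134), shown only as a comment:
 *     snprintf(out, n, user);        // user text becomes the format
 * Directives in `user` then consume arguments that were never passed. */

/* Hardened form: constant format, untrusted text passed strictly as data.
 * Returns 0 on success, -1 if the output was truncated or on error. */
static int render_label(char *out, size_t n, const char *user)
{
    int w = snprintf(out, n, "Installing: %s", user);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Count conversion directives in untrusted text, for review or logging.
 * "%%" is a literal percent sign and is not counted; a trailing lone '%' is. */
static size_t count_directives(const char *s)
{
    size_t hits = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }   /* skip escaped percent */
        hits++;
    }
    return hits;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real update catalog. */
    const char *samples[] = { "Security Update 1.0", "100%% done", "%x.%x.%s" };
    char buf[64];
    for (size_t i = 0; i < 3; i++) {
        int rc = render_label(buf, sizeof buf, samples[i]);
        printf("rc=%d directives=%zu -> %s\n",
               rc, count_directives(samples[i]), buf);
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) makes the compiler warn about the commented-out pattern wherever a non-literal format is passed without arguments.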
Mitigation:
It is recommended to update to the latest version of Apple Software Update to mitigate this vulnerability.