[Am-info] Security Researcher Claims Apple Update Vulnerable
Eric Bennett
ericb@pobox.com
Thu, 18 Jul 2002 12:52:20 -0500
Mitch Stone wrote:
>
> Sorry, but from my reading on this subject, exploiting this vulnerability
> required compromising a domain name server, which isn't child's play from
> what I understand. It also required being very [un]lucky. Someone on the
> other side of the DNS has to run the Software Update control panel while
> the server is compromised. Possible? Yes. Probable? I don't think so.
Not that this thread has anything even *remotely* to do with am-info (maybe
we should rename it fred-info?), but no, it doesn't require compromising a
name server.
See these and the other messages in the thread:
http://online.securityfocus.com/archive/1/281139/2002-07-08/2002-07-14/0
http://online.securityfocus.com/archive/1/281911/2002-07-08/2002-07-14/0
--
Eric Bennett ( ericb@pobox.com ; http://www.pobox.com/~ericb )
Whether you're here by birth, or whether you're in America by choice,
you contribute to the vitality of our life. And for that, we are
grateful. - George W. Bush, May 17 2002