To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,11034440,00.htm

Apple leaves Mac users open to hackers
Automated update feature puts users at risk...

By Aled Herbert

Published: Tuesday 09 July 2002

Apple has been warned that hackers can take advantage of a hole on the company's online software update service to piggyback malicious code on downloads.

A hacker has posted details on the BugTraq mailing list on how to exploit the vulnerability on any Mac running the OS X operating system.

SoftwareUpdate, Apple's software updating mechanism in OS X, checks for new updates from the company's website on a weekly basis.

The report claims the feature downloads updates and installs them without asking for authentication.

Apple has failed to provide a patch for the problem but said it is investigating the report.