CVE-2008-3438

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/08/2008
Last modified:
09/04/2025

Description

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* 10.0.0 (including) 10.5.4 (including)