Apple has released a security update for Windows 7 and later to address a vulnerability in Apple Software Update. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
- Windows 7 and later
Depending on the privileges associated with the user, an attacker in a privileged network position may be able to control the contents of the updates window. Details of this vulnerability are as follows:
- The contents of the updates window were retrieved from the network using an unprotected HTTP connection [CVE-2016-1731].
- After appropriate testing, apply applicable updates provided by Apple to vulnerable systems.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.