Apple Software Update 2.2 Addresses Security Vulnerability

ITS Advisory Number: 2016-053
Date(s) Issued: Friday, March 11, 2016
Subject: Apple Software Update 2.2 Addresses Security Vulnerability
Overview: 

Apple has released a security update for Windows 7 and later to address a vulnerability in Apple Software Update. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Systems Affected: 
  • Windows 7 and later

RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

Apple has released a security update for Windows 7 and later to address a vulnerability in Apple Software Update. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Depending on the privileges associated with the user, an attacker in a privileged network position may be able to control the contents of the updates window. Details of this vulnerability are as follows:

  • The contents of the updates window were retrieved from the network using an unprotected HTTP connection [CVE-2016-1731]

Actions: 
  • After appropriate testing, apply applicable updates provided by Apple to vulnerable systems.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
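
One way to confirm whether a host still runs a version of Apple Software Update earlier than 2.2 is shown below. This is an added example, not part of the advisory or of Apple's tooling. It assumes PowerShell 3.0 or later and that the product registers an Uninstall entry with the DisplayName "Apple Software Update"; the function name is hypothetical.

```powershell
# Added example: local inventory check for Apple Software Update below 2.2.
# Assumption: the product's Uninstall entry has DisplayName
# "Apple Software Update" and a dotted DisplayVersion (e.g. major.minor.build.rev).
$FixedVersion = [version]'2.2'

# Check both the native and the 32-bit (WOW6432Node) uninstall hives.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper name; returns one object per matching install.
function Get-AppleSoftwareUpdateStatus {
    param([version]$Fixed = $FixedVersion)

    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq 'Apple Software Update' } |
        ForEach-Object {
            # -as returns $null instead of throwing on an unparsable string.
            $parsed = $_.DisplayVersion -as [version]

            if ($null -eq $parsed) {
                $status = 'Unknown'      # version string missing or malformed
            } elseif ($parsed -lt $Fixed) {
                $status = 'Vulnerable'   # older than the fixed 2.2 release
            } else {
                $status = 'Patched'
            }

            [pscustomobject]@{
                Computer       = $env:COMPUTERNAME
                DisplayVersion = $_.DisplayVersion
                Status         = $status
            }
        }
}

$results = @(Get-AppleSoftwareUpdateStatus)
if ($results.Count -eq 0) {
    Write-Output 'Apple Software Update is not installed.'
} else {
    $results | Format-Table -AutoSize
}
```

A status of Unknown means the entry exists but its version could not be parsed, so that host should be checked by hand.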