Executive Summary

Name CVE-2008-3438 First vendor Publication 2008-08-01
Vendor Cve Last vendor Modification 2008-09-05

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3438

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-184 Software Integrity Attacks
CAPEC-185 Malicious Software Download
CAPEC-186 Malicious Software Update
CAPEC-187 Malicious Automated Software Update

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

Os 47

Open Source Vulnerability Database (OSVDB)

Id Description
48324 Apple Mac OS X Update Authenticity Verification Weakness

Sources (Detail)

Source Url
FULLDISC http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html
MISC http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf

Alert History

If you want to see full details history, please login or register.
Date Informations
2021-05-04 12:07:52
  • Multiple Updates
2021-04-22 01:08:13
  • Multiple Updates
2020-05-23 00:22:03
  • Multiple Updates
2013-05-11 00:22:40
  • Multiple Updates