The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.
References
Link | Resource |
---|---|
http://www.barebones.com/support/bbedit/arch_bbedit1055.html | Vendor Advisory |
http://www.barebones.com/support/textwrangler/notes_tw453.html | Vendor Advisory |
http://www.barebones.com/support/yojimbo/arch_yojimbo40.html | Vendor Advisory |
https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 02:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2013-12-31 20:55
Updated : 2024-02-28 12:00
NVD link : CVE-2013-3667
Mitre link : CVE-2013-3667
CVE.ORG link : CVE-2013-3667
JSON object : View
Products Affected
barebones
- textwrangler
- yojimbo
- bbedit
CWE
CWE-20
Improper Input Validation