This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote host has an application installed that that uses an
insecure connection protocol for updating.
The version of Apple Software Update installed on the remote Mac OS X
host does not use the HTTPS protocol when transferring the updates
window contents. A man-in-the-middle attacker can exploit this
vulnerability, by modifying the data stream between the client and
server, to control the contents of the updates window.
See also :
Upgrade to Apple Software Update version 2.2 or later.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 4.3
Public Exploit Available : false