Apple Software Update Insecure Transport
Medium Nessus Plugin ID 90005
SynopsisThe remote host has an application installed that that uses an insecure connection protocol for updating.
DescriptionThe version of Apple Software Update installed on the remote Mac OS X host does not use the HTTPS protocol when transferring the updates window contents. A man-in-the-middle attacker can exploit this vulnerability, by modifying the data stream between the client and server, to control the contents of the updates window.
SolutionUpgrade to Apple Software Update version 2.2 or later.