Required CVE Record Information
Description
The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- http://www.barebones.com/support/yojimbo/arch_yojimbo40.html x_transferred
- http://www.barebones.com/support/bbedit/arch_bbedit1055.html x_transferred
- https://groups.google.com/forum/#%21msg/bbedit/BjvyUKCM4Gk/ZT_v03QqPqgJ x_transferred
- http://www.barebones.com/support/textwrangler/notes_tw453.html x_transferred