New Evilgrade Mac App Store Module Added CVE-2011-3224

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

This framework comes into play when the attacker is able to redirect traffic, which can be done in several ways, such as DNS tampering, DNS cache poisoning, ARP spoofing, Wi-Fi access point impersonation, or DHCP hijacking, with your favorite tools.

This way you can easily take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the framework is to show the amount of trivial errors in the update process of mainstream applications.

More Information: Google Code – ISR-Evilgrade


CVE-2011-3224

Thanks @famato CEO from Infobyte Security Research (@infobytesec)

MaxiSoler

www.artssec.com @maxisoler