CAPEC-533 - Malicious Software Update

An attacker introduces malicious code to the victim's system by altering the payload of a software update, allowing for additional compromise or site disruption at the victim location.

Severity

Likelihood

Confidentiality

Integrity

Availability

High level: Able to develop malicious code that can used on the victim's system while maintaining normal functionality.

Advanced knowledge about the download and update installation processes.

Advanced knowledge about the deployed system and its various software subcomponents and processes.

Access to the download and update system(s) used to deliver software updates.