Search...

CVE-2018-4229

2018-06-08T18:29:00

ID CVE-2018-4229
Type cve
Reporter cve@mitre.org
Modified 2018-07-13T17:58:00

Description

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists.

JSON Vulners Source

Initial Source

{"id": "CVE-2018-4229", "bulletinFamily": "NVD", "title": "CVE-2018-4229", "description": "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"Grand Central Dispatch\" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists.", "published": "2018-06-08T18:29:00", "modified": "2018-07-13T17:58:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4229", "reporter": "cve@mitre.org", "references": ["http://www.securitytracker.com/id/1041027", "https://support.apple.com/HT208849"], "cvelist": ["CVE-2018-4229"], "type": "cve", "lastseen": "2019-05-29T18:20:07", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "a532398d248bd9fa962e0ba4d57e33ec"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "10edbc2fb713811cad466c751d0a8b65"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "9bba623d75fb842853f6872066407c05"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "729f98bc4a65b3e0e24ddfee3d3c4450"}, {"key": "cvss3", "hash": "8623a4b43b8a53a7629cacc21885a8f3"}, {"key": "cwe", "hash": "9be98121f2022e3cbc7266e74ecbbb55"}, {"key": "description", "hash": "40167b74394a255ced77c6be6ce34dbc"}, {"key": "href", "hash": "0d974bcfed303a18d4f6e57b97e8cb3e"}, {"key": "modified", "hash": "a3def0dd7a59bd824944e067d4ffced7"}, {"key": "published", "hash": "1ea7cb0a5702df794125c58200bff64a"}, {"key": "references", "hash": "c704c2ff0d435b112a1c0ec527833500"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "30d90fe9e6c8bea4fd704e9ac5894ae6"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "dd5a8f6d9647546679c95ff992340d63d14711952004a76baace53051b625288", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310813510"]}, {"type": "nessus", "idList": ["MACOS_10_13_5.NASL"]}], "modified": "2019-05-29T18:20:07"}, "score": {"value": 5.1, "vector": "NONE", "modified": "2019-05-29T18:20:07"}, "vulnersScore": 5.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:apple:mac_os_x:10.9.5", "cpe:/a:apple:mac_os_x:10.2", "cpe:/a:apple:mac_os_x:10.4.7", "cpe:/a:apple:mac_os_x:-", "cpe:/a:apple:mac_os_x:10.0.1", "cpe:/a:apple:mac_os_x:10.11.5", "cpe:/a:apple:mac_os_x:10.9", "cpe:/a:apple:mac_os_x:10.12.6", "cpe:/a:apple:mac_os_x:10.5.3", "cpe:/a:apple:mac_os_x:10.1.4", "cpe:/a:apple:mac_os_x:10.10.5", "cpe:/a:apple:mac_os_x:10.7.2", "cpe:/a:apple:mac_os_x:10.6.3", "cpe:/a:apple:mac_os_x:10.8.1", "cpe:/a:apple:mac_os_x:10.12", "cpe:/a:apple:mac_os_x:10.4.2", "cpe:/a:apple:mac_os_x:10.11.1", "cpe:/a:apple:mac_os_x:10.5.7", "cpe:/a:apple:mac_os_x:10.11.4", "cpe:/a:apple:mac_os_x:10.6.0", "cpe:/a:apple:mac_os_x:10.9.3", "cpe:/a:apple:mac_os_x:10.4", "cpe:/a:apple:mac_os_x:10.3.1", "cpe:/a:apple:mac_os_x:10.3.4", "cpe:/a:apple:mac_os_x:10.1.1", "cpe:/a:apple:mac_os_x:10.4.3", "cpe:/a:apple:mac_os_x:10.3", "cpe:/a:apple:mac_os_x:10.4.0", "cpe:/a:apple:mac_os_x:10.5.1", "cpe:/a:apple:mac_os_x:10.12.4", "cpe:/a:apple:mac_os_x:10.4.8", "cpe:/a:apple:mac_os_x:10.5.2", "cpe:/a:apple:mac_os_x:10.6.4", "cpe:/a:apple:mac_os_x:10.3.8", "cpe:/a:apple:mac_os_x:10.5", "cpe:/a:apple:mac_os_x:10.3.2", "cpe:/a:apple:mac_os_x:10.7.3", "cpe:/a:apple:mac_os_x:10.6.6", "cpe:/a:apple:mac_os_x:10.0.4", "cpe:/a:apple:mac_os_x:10.3.3", "cpe:/a:apple:mac_os_x:10.5.4", "cpe:/a:apple:mac_os_x:10.13.1", "cpe:/a:apple:mac_os_x:10.0.3", "cpe:/a:apple:mac_os_x:10.7.0", "cpe:/a:apple:mac_os_x:10.8.2", "cpe:/a:apple:mac_os_x:10.13.3", "cpe:/a:apple:mac_os_x:10.7.5", "cpe:/a:apple:mac_os_x:10.8.4", "cpe:/a:apple:mac_os_x:10.4.1", "cpe:/a:apple:mac_os_x:10.8.0", "cpe:/a:apple:mac_os_x:10.4.10", "cpe:/a:apple:mac_os_x:10.9.2", "cpe:/a:apple:mac_os_x:10.3.5", "cpe:/a:apple:mac_os_x:10.12.5", "cpe:/a:apple:mac_os_x:10.6.2", "cpe:/a:apple:mac_os_x:10.11.3", "cpe:/a:apple:mac_os_x:10.13.4", "cpe:/a:apple:mac_os_x:10.11.2", "cpe:/a:apple:mac_os_x:10.3.0", "cpe:/a:apple:mac_os_x:10.4.6", "cpe:/a:apple:mac_os_x:10.10.0", "cpe:/a:apple:mac_os_x:10.2.0", "cpe:/a:apple:mac_os_x:10.13.2", "cpe:/a:apple:mac_os_x:10.8.3", "cpe:/a:apple:mac_os_x:10.5.0", "cpe:/a:apple:mac_os_x:10.10.1", "cpe:/a:apple:mac_os_x:10.2.4", "cpe:/a:apple:mac_os_x:10.0.2", "cpe:/a:apple:mac_os_x:10.3.6", "cpe:/a:apple:mac_os_x:10.4.4", "cpe:/a:apple:mac_os_x:10.3.9", "cpe:/a:apple:mac_os_x:10.2.6", "cpe:/a:apple:mac_os_x:10.5.5", "cpe:/a:apple:mac_os_x:10.6.5", "cpe:/a:apple:mac_os_x:10.10.3", "cpe:/a:apple:mac_os_x:10.7.4", "cpe:/a:apple:mac_os_x:10.12.2", "cpe:/a:apple:mac_os_x:10.12.1", "cpe:/a:apple:mac_os_x:10.12.0", "cpe:/a:apple:mac_os_x:10.12.3", "cpe:/a:apple:mac_os_x:10.10.2", "cpe:/a:apple:mac_os_x:10.8.5", "cpe:/a:apple:mac_os_x:10.2.3", "cpe:/a:apple:mac_os_x:10.4.11", "cpe:/a:apple:mac_os_x:10.1.5", "cpe:/a:apple:mac_os_x:10.10.4", "cpe:/a:apple:mac_os_x:10.9.1", "cpe:/a:apple:mac_os_x:10.6.1", "cpe:/a:apple:mac_os_x:10.9.4", "cpe:/a:apple:mac_os_x:10.1.0", "cpe:/a:apple:mac_os_x:10.1", "cpe:/a:apple:mac_os_x:10.0", "cpe:/a:apple:mac_os_x:10.1.3", "cpe:/a:apple:mac_os_x:10.6.7", "cpe:/a:apple:mac_os_x:10.1.2", "cpe:/a:apple:mac_os_x:10.11.0", "cpe:/a:apple:mac_os_x:10.4.5", "cpe:/a:apple:mac_os_x:10.5.8", "cpe:/a:apple:mac_os_x:10.0.0", "cpe:/a:apple:mac_os_x:10.13.0", "cpe:/a:apple:mac_os_x:10.4.9", "cpe:/a:apple:mac_os_x:10.2.8", "cpe:/a:apple:mac_os_x:10.6.8", "cpe:/a:apple:mac_os_x:10.11.6", "cpe:/a:apple:mac_os_x:10.2.1", "cpe:/a:apple:mac_os_x:10.2.7", "cpe:/a:apple:mac_os_x:10.3.7", "cpe:/a:apple:mac_os_x:10.2.2", "cpe:/a:apple:mac_os_x:10.5.6", "cpe:/a:apple:mac_os_x:10.2.5", "cpe:/a:apple:mac_os_x:10.13", "cpe:/a:apple:mac_os_x:10.7.1"], "affectedSoftware": [{"name": "apple mac_os_x", "operator": "eq", "version": "10.6.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.6.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.6.8"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.10"}, {"name": "apple mac_os_x", "operator": "eq", "version": "-"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.7.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.10.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.5.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.5.8"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.1.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.1.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.3.8"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.13.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.13.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.3.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.6"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.2.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.5.6"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.8.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.1.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.10.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.9.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.3.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.5.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.1.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.6.7"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.7.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.11"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.9.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.11.6"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.5.7"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.9.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.6.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.10.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.9"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.2.8"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.5.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.7.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.0.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.6.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.3.7"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.5.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.11.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.11.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.3.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.12.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.8.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.3.6"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.8.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.2.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.13.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.5.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.3.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.2.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.3.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.2.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.12.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.7.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.1.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.8.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.0.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.0.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.10.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.11.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.2.7"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.10.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.7.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.1.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.12.6"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.12.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.8.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.12.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.0.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.12"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.5.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.12.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.10.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.11.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.13"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.6.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.13.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.8"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.6.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.13.2"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.3.9"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.9.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.3.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.9"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.11.5"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.12.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.6.6"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.2.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.8.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.4.7"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.2.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.11.4"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.9.3"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.7.0"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.0.1"}, {"name": "apple mac_os_x", "operator": "eq", "version": "10.2.6"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "cpe23": [], "cwe": ["CWE-254"]}

{"openvas": [{"lastseen": "2019-07-17T14:04:10", "bulletinFamily": "scanner", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-06-04T00:00:00", "id": "OPENVAS:1361412562310813510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813510", "title": "Apple MacOSX Security Updates(HT208849)-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple MacOSX Security Updates(HT208849)-01\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813510\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2018-4237\", \"CVE-2018-4236\", \"CVE-2018-4235\", \"CVE-2018-4234\",\n \"CVE-2018-4230\", \"CVE-2018-4141\", \"CVE-2018-4219\", \"CVE-2018-4241\",\n \"CVE-2018-4243\", \"CVE-2018-4251\", \"CVE-2018-4253\", \"CVE-2018-7584\",\n \"CVE-2018-4184\", \"CVE-2018-4228\", \"CVE-2018-4229\", \"CVE-2018-4221\",\n \"CVE-2018-4223\", \"CVE-2018-4224\", \"CVE-2018-4226\", \"CVE-2018-4227\",\n \"CVE-2018-4202\", \"CVE-2018-4242\", \"CVE-2018-4240\", \"CVE-2018-4196\",\n \"CVE-2018-4198\", \"CVE-2018-4225\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-04 14:08:42 +0530 (Mon, 04 Jun 2018)\");\n script_name(\"Apple MacOSX Security Updates(HT208849)-01\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A logic issue in validation.\n\n - A memory corruption issue in memory handling.\n\n - An injection issue in input validation.\n\n - A race condition in locking.\n\n - A validation issue in input sanitization.\n\n - A type confusion issue in memory handling.\n\n - A buffer overflow issue in bounds checking.\n\n - A device configuration issue in configuration.\n\n - An out-of-bounds read issue leading to the disclosure of kernel memory.\n\n - A sandbox issue in handling of microphone access.\n\n - An issue in parsing entitlement plists.\n\n - An issue in the handling of S-MIME certificaties.\n\n - An authorization issue in state management.\n\n - An issue in the handling of encrypted Mail.\n\n - An input validation issue.\n\n - A memory corruption vulnerability in improved locking.\n\n - An information disclosure issue in Accessibility Framework.\n\n - A validation issue existed in the handling of text.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges, execute arbitrary code, conduct\n impersonation attacks, read restricted memory, modify the EFI flash memory\n region, circumvent sandbox restrictions, read a persistent account identifier,\n read kernel memory, view sensitive user information, exfiltrate the contents\n of S/MIME- encrypted e-mail, spoof password prompts in iBooks and cause denial\n of service.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions,\n 10.13.x through 10.13.4\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X 10.13.5 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-in/HT208849\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.13\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.13\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nif(version_is_less(version:osVer, test_version:\"10.13.5\"))\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.13.5\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:40:08", "bulletinFamily": "scanner", "description": "The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.5. It is, therefore, affected by multiple vulnerabilities.\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "modified": "2018-12-21T00:00:00", "id": "MACOS_10_13_5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=110324", "published": "2018-06-05T00:00:00", "title": "macOS 10.13.x < 10.13.5 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110324);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/21 12:29:53\");\n\n script_cve_id(\n \"CVE-2018-4141\",\n \"CVE-2018-4159\",\n \"CVE-2018-4167\",\n \"CVE-2018-4171\",\n \"CVE-2018-4184\",\n \"CVE-2018-4193\",\n \"CVE-2018-4196\",\n \"CVE-2018-4198\",\n \"CVE-2018-4202\",\n \"CVE-2018-4211\",\n \"CVE-2018-4219\",\n \"CVE-2018-4221\",\n \"CVE-2018-4223\",\n \"CVE-2018-4224\",\n \"CVE-2018-4225\",\n \"CVE-2018-4226\",\n \"CVE-2018-4227\",\n \"CVE-2018-4228\",\n \"CVE-2018-4229\",\n \"CVE-2018-4230\",\n \"CVE-2018-4234\",\n \"CVE-2018-4235\",\n \"CVE-2018-4236\",\n \"CVE-2018-4237\",\n \"CVE-2018-4240\",\n \"CVE-2018-4241\",\n \"CVE-2018-4242\",\n \"CVE-2018-4243\",\n \"CVE-2018-4249\",\n \"CVE-2018-4251\",\n \"CVE-2018-4253\",\n \"CVE-2018-5383\",\n \"CVE-2018-7584\",\n \"CVE-2018-8897\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2018-7-23-2\");\n\n script_name(english:\"macOS 10.13.x < 10.13.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X / macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is\n10.13.x prior to 10.13.5. It is, therefore, affected by multiple\nvulnerabilities.\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208849\");\n # https://lists.apple.com/archives/security-announce/2018/Jul/msg00009.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68a789b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.13.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4229\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = pregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (empty_or_null(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nfix = \"10.13.5\";\n\nif (version !~\"^10\\.13($|[^0-9])\")\n audit(AUDIT_OS_NOT, \"macOS 10.13.x\");\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}