ID CVE-2018-4229 Type cve Reporter NVD Modified 2018-07-13T13:58:56
Description
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Grand Central Dispatch" component. It allows attackers to bypass a sandbox protection mechanism by leveraging the misparsing of entitlement plists.
{"openvas": [{"lastseen": "2018-09-01T23:36:13", "references": ["https://support.apple.com/en-in/HT208849", "https://www.apple.com"], "pluginID": "1361412562310813510", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "edition": 4, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-06-04T00:00:00", "title": "Apple MacOSX Security Updates(HT208849)-01", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-01T23:36:13", "vector": "NONE", "value": 10.0}}, "naslFamily": "Mac OS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-4184", "CVE-2018-4253", "CVE-2018-4223", "CVE-2018-4227", "CVE-2018-4219", "CVE-2018-4229", "CVE-2018-4225", "CVE-2018-4228", "CVE-2018-4236", "CVE-2018-4234", "CVE-2018-4202", "CVE-2018-4242", "CVE-2018-4224", "CVE-2018-4221", "CVE-2018-4241", "CVE-2018-4198", "CVE-2018-4237", "CVE-2018-4251", "CVE-2018-4235", "CVE-2018-7584", "CVE-2018-4240", "CVE-2018-4196", "CVE-2018-4141", "CVE-2018-4243", "CVE-2018-4230", "CVE-2018-4226"], "modified": "2018-06-07T00:00:00", "id": "OPENVAS:1361412562310813510", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813510", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_macosx_HT208849_01.nasl 10124 2018-06-07 13:56:22Z santu $\n#\n# Apple MacOSX Security Updates(HT208849)-01\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813510\");\n script_version(\"$Revision: 10124 $\");\n script_cve_id(\"CVE-2018-4237\", \"CVE-2018-4236\", \"CVE-2018-4235\", \"CVE-2018-4234\", \n \"CVE-2018-4230\", \"CVE-2018-4141\", \"CVE-2018-4219\", \"CVE-2018-4241\", \n \"CVE-2018-4243\", \"CVE-2018-4251\", \"CVE-2018-4253\", \"CVE-2018-7584\", \n \"CVE-2018-4184\", \"CVE-2018-4228\", \"CVE-2018-4229\", \"CVE-2018-4221\", \n \"CVE-2018-4223\", \"CVE-2018-4224\", \"CVE-2018-4226\", \"CVE-2018-4227\", \n \"CVE-2018-4202\", \"CVE-2018-4242\", \"CVE-2018-4240\", \"CVE-2018-4196\", \n \"CVE-2018-4198\", \"CVE-2018-4225\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-07 15:56:22 +0200 (Thu, 07 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-04 14:08:42 +0530 (Mon, 04 Jun 2018)\");\n script_name(\"Apple MacOSX Security Updates(HT208849)-01\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws exists due to,\n\n - A logic issue in validation.\n\n - A memory corruption issue in memory handling.\n\n - An injection issue in input validation.\n\n - A race condition in locking.\n\n - A validation issue in input sanitization.\n\n - A type confusion issue in memory handling.\n\n - A buffer overflow issue in bounds checking.\n\n - A device configuration issue in configuration.\n\n - An out-of-bounds read issue leading to the disclosure of kernel memory.\n\n - A sandbox issue in handling of microphone access.\n\n - An issue in parsing entitlement plists.\n\n - An issue in the handling of S-MIME certificaties.\n\n - An authorization issue in state management.\n\n - An issue in the handling of encrypted Mail.\n\n - An input validation issue.\n\n - A memory corruption vulnerability in improved locking.\n\n - An information disclosure issue in Accessibility Framework.\n\n - A validation issue existed in the handling of text.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges, execute arbitrary code, conduct\n impersonation attacks, read restricted memory, modify the EFI flash memory\n region, circumvent sandbox restrictions, read a persistent account identifier,\n read kernel memory, view sensitive user information, exfiltrate the contents\n of S/MIME- encrypted e-mail, spoof password prompts in iBooks and cause denial\n of service.\n\n Impact Level: System\");\n\n script_tag(name: \"affected\" , value:\"Apple Mac OS X versions,\n 10.13.x through 10.13.4\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Apple Mac OS X 10.13.5 or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name : \"URL\" , value : \"https://support.apple.com/en-in/HT208849\");\n script_xref(name : \"URL\" , value : \"https://www.apple.com\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^(10.13)\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nif(version_is_less(version:osVer, test_version:\"10.13.5\"))\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.13.5\");\n security_message(data:report);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-12-10T23:52:29", "references": ["http://www.nessus.org/u?68a789b4", "https://support.apple.com/en-us/HT208849"], "pluginID": "110324", "description": "The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.5. It is, therefore, affected by multiple vulnerabilities.\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "edition": 11, "reporter": "Tenable", "published": "2018-06-05T00:00:00", "title": "macOS 10.13.x < 10.13.5 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"modified": "2018-12-10T23:52:29", "vector": "NONE", "value": 7.2}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-4184", "CVE-2018-4253", "CVE-2018-4211", "CVE-2018-4193", "CVE-2018-4223", "CVE-2018-4227", "CVE-2018-4219", "CVE-2018-4229", "CVE-2018-4225", "CVE-2018-4228", "CVE-2018-4236", "CVE-2018-4234", "CVE-2018-4202", "CVE-2018-4242", "CVE-2018-4224", "CVE-2018-4221", "CVE-2018-4241", "CVE-2018-4198", "CVE-2018-4167", "CVE-2018-4237", "CVE-2018-4251", "CVE-2018-4159", "CVE-2018-4235", "CVE-2018-4249", "CVE-2018-8897", "CVE-2018-7584", "CVE-2018-4240", "CVE-2018-5383", "CVE-2018-4196", "CVE-2018-4171", "CVE-2018-4141", "CVE-2018-4243", "CVE-2018-4230", "CVE-2018-4226"], "modified": "2018-12-07T00:00:00", "cpe": ["cpe:/o:apple:macos", "cpe:/o:apple:mac_os_x"], "id": "MACOS_10_13_5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=110324", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110324);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/07 17:08:17\");\n\n script_cve_id(\n \"CVE-2018-4141\",\n \"CVE-2018-4159\",\n \"CVE-2018-4167\",\n \"CVE-2018-4171\",\n \"CVE-2018-4184\",\n \"CVE-2018-4193\",\n \"CVE-2018-4196\",\n \"CVE-2018-4198\",\n \"CVE-2018-4202\",\n \"CVE-2018-4211\",\n \"CVE-2018-4219\",\n \"CVE-2018-4221\",\n \"CVE-2018-4223\",\n \"CVE-2018-4224\",\n \"CVE-2018-4225\",\n \"CVE-2018-4226\",\n \"CVE-2018-4227\",\n \"CVE-2018-4228\",\n \"CVE-2018-4229\",\n \"CVE-2018-4230\",\n \"CVE-2018-4234\",\n \"CVE-2018-4235\",\n \"CVE-2018-4236\",\n \"CVE-2018-4237\",\n \"CVE-2018-4240\",\n \"CVE-2018-4241\",\n \"CVE-2018-4242\",\n \"CVE-2018-4243\",\n \"CVE-2018-4249\",\n \"CVE-2018-4251\",\n \"CVE-2018-4253\",\n \"CVE-2018-5383\",\n \"CVE-2018-7584\",\n \"CVE-2018-8897\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2018-7-23-2\");\n script_xref(name:\"IAVA\", value:\"2018-A-0172\");\n\n script_name(english:\"macOS 10.13.x < 10.13.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X / macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is\n10.13.x prior to 10.13.5. It is, therefore, affected by multiple\nvulnerabilities.\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208849\");\n # https://lists.apple.com/archives/security-announce/2018/Jul/msg00009.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68a789b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.13.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4229\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = pregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (empty_or_null(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nfix = \"10.13.5\";\n\nif (version !~\"^10\\.13($|[^0-9])\")\n audit(AUDIT_OS_NOT, \"macOS 10.13.x\");\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
