logo
DATABASE RESOURCES PRICING ABOUT US

Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities

Description

The remote host is running a version of Mac OS X version 10.x prior to 10.12.4 , and is affected by multiple vulnerabilities : - A format string flaw exists that is triggered as string format specifiers (e.g. %s and %x) are not properly used when handling IPP(S) links. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2403) - A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API call. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423) - A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430) - A use-after-free flaw exists in 'libc++' that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2441) - A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448) - An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. (CVE-2017-2462) - An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context dependent-attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2485) Additional flaws exist in the following components : - AppleGraphicsPowerManagement (CVE-2017-2421) - AppleRAID (CVE-2017-2438) - Bluetooth (CVE-2017-2420, CVE-2017-2427, CVE-2017-2449) - Carbon (CVE-2017-2379) - CoreGraphics (CVE-2017-2417) - CoreMedia (2017-2431) - CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461) - EFI (CVE-2016-7585) - Finderkit (CVE-2017-2429) - FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487) - Hypervisor (CVE-2017-2418) - iBooks (CVE-2017-2426) - IOATAFamily (CVE-2017-2408) - IOFireWireAVC (CVE-2017-2436, CVE-2017-2437) - IOFireWireFamily (CVE-2017-2388) - ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467) - Intel Graphics (CVE-2017-2443) - Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2410, 2017-2440, 2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2489, CVE-2017-2490) - Keyboards (CVE-2017-2458) - libarchive (CVE-2017-2390) - libxslt (CVE-2017-2477) - MCX (CVE-2017-2402) - Menus (CVE-2017-2409) - Multi-touch (CVE-2017-2422) - nghttp2 (CVE-2017-2428) - QuickTime (2017-2413) - Security (2017-2451, 2017-6974) - SecurityFoundation (CVE-2017-2425) - sudo (CVE-2017-2381) - WebKit (CVE-2017-2392, CVE-2017-2457, CVE-2017-2486)


Related