Lucene search

K
nessusTenable700119.PRM
HistoryMay 17, 2017 - 12:00 a.m.

Mac OS X 10.x < 10.12.5 Multiple Vulnerabilities

2017-05-1700:00:00
Tenable
www.tenable.com
9

The remote host is running a version of Mac OS X version 10.x prior to 10.12.5, and is affected by multiple vulnerabilities :

  • An overflow condition exists in the ‘_XGetWindowMovementGroup()’ function within the WindowServer component that is triggered as certain input is not properly validated. This may allow a local attacker to cause a stack-based buffer overflow and potentially execute arbitrary code with the privileges of WindowServer.
  • An unspecified flaw exists in the Intel graphics driver. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel-level privileges.
  • An unspecified flaw exists in the NVIDIA graphics drivers. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel-level privileges.
  • A flaw exists in the speechsynthesisd service, as unsigned dynamic libraries (.dylib) are improperly validated before being loaded. This may allow a local attacker to bypass an application’s sandbox and execute arbitrary code with elevated privileges.
  • An unspecified flaw exists in the Speech Framework. This may allow an attacker to escape an application sandbox.
  • A certificate validation flaw exists in 802.1X authentication that is triggered in EAP-TLS when a certificate has changed. This may allow a context-dependent attacker to disclose user network credentials.
  • A type confusion flaw exists in SQLite that is triggered as certain input related to ‘snippet’ is not properly validated. With specially crafted web content, a context-dependent attacker can corrupt memory and potentially execute arbitrary code.

This product is also affected by vulnerabilities found in the following components:

  • Accessibility
  • CoreAnimation
  • CoreAudio
  • CoreFoundation
  • DiskArbitration
  • Foundation
  • HFS
  • iBooks
  • IOSurface
  • Kernel)
  • Multi-Touch
  • SQLite
  • Sandbox
  • Security
  • TextInput
  • WindowServer
Binary data 700119.prm
VendorProductVersion
applemac_os_x

References