Apple iCloud 10.x < 10.8 Multiple Vulnerabilitie
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OpenVAS | Apple iCloud Security Updates (HT210727) | 5 Nov 201900:00 | – | openvas |
OpenVAS | Apple iCloud Security Updates (HT210728) | 5 Nov 201900:00 | – | openvas |
OpenVAS | Apple iTunes Security Updates (HT210726) | 5 Nov 201900:00 | – | openvas |
OpenVAS | Apple Safari Security Updates (HT210725) | 30 Oct 201900:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DSA-4558-1) | 6 Nov 201900:00 | – | openvas |
OpenVAS | Mageia: Security Advisory (MGASA-2019-0324) | 28 Jan 202200:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2020:1135-1) | 19 Apr 202100:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2019:3044-1) | 9 Jun 202100:00 | – | openvas |
OpenVAS | openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:2587-1) | 1 Dec 201900:00 | – | openvas |
OpenVAS | openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:2591-1) | 9 Jan 202000:00 | – | openvas |
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(138093);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/12");
script_cve_id(
"CVE-2019-8710",
"CVE-2019-8750",
"CVE-2019-8766",
"CVE-2019-8782",
"CVE-2019-8783",
"CVE-2019-8784",
"CVE-2019-8811",
"CVE-2019-8813",
"CVE-2019-8814",
"CVE-2019-8815",
"CVE-2019-8816",
"CVE-2019-8819",
"CVE-2019-8820",
"CVE-2019-8821",
"CVE-2019-8822",
"CVE-2019-8823"
);
script_name(english:"Apple iCloud 10.x < 10.8 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"An iCloud software installed on the remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its version, the iCloud application installed on the remote Windows host is 10.x prior to 10.8.
It is, therefore, affected by multiple vulnerabilities:
- Multiple arbitrary code execution vulnerabilities exist with in the WebKit due to multiple memory
corruption issues. An unauthenticated, remote attacker can exploit this to execute arbitrary code.
(CVE-2019-8710, CVE-2019-8766, CVE-2019-8782, CVE-2019-8783, CVE-2019-8784, CVE-2019-8811, CVE-2019-8814,
CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823)
- Multiple issues exist with in the Libxslt due to multiple memory corruption issue. (CVE-2019-8750)
- An cross site scripting vulnerability exist with in the WebKit due to logic issue. An unauthenticated,
remote attacker can exploit this by processing maliciously crafted web content may lead to universal
cross site scripting. (CVE-2019-8813)
- An arbitrary code execution vulnerability exist with in the WebKit due to multiple memory corruption
issue. An unauthenticated, remote attacker can exploit this by processing maliciously crafted web
content may lead to arbitrary code execution. (CVE-2019-8815)");
script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT210727");
script_set_attribute(attribute:"solution", value:
"Upgrade to iCloud version 10.8 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8816");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-8750");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:icloud_for_windows");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("icloud_installed.nasl");
script_require_keys("installed_sw/iCloud");
exit(0);
}
include('vcf.inc');
app = 'iCloud';
app_info = vcf::get_app_info(app:app, win_local:TRUE);
constraints = [
{'min_version' : '10.0', 'fixed_version' : '10.8'}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo