Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_10_14_5.NASL
HistoryMay 15, 2019 - 12:00 a.m.

macOS 10.14.x < 10.14.5 Multiple Vulnerabilities

2019-05-1500:00:00
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.5. It is, therefore, affected by multiple vulnerabilities :

  • An application may be able to read restricted memory (CVE-2019-8603, CVE-2019-8560)

  • An application may be able to execute arbitrary code with system privileges (CVE-2019-8635, CVE-2019-8616, CVE-2019-8629, CVE-2018-4456, CVE-2019-8604,CVE-2019-8574, CVE-2019-8569)

  • An application may be able to execute arbitrary code with kernel privileges (CVE-2019-8590)

  • Processing a maliciously crafted audio file may lead to arbitrary code execution (CVE-2019-8592)

  • Processing a maliciously crafted movie file may lead to arbitrary code execution (CVE-2019-8585)

  • A malicious application may bypass Gatekeeper checks (CVE-2019-8589)

  • A malicious application may be able to read restricted memory (CVE-2019-8560, CVE-2019-8598)

  • A user may be unexpectedly logged in to another users account (CVE-2019-8634)

  • A local user may be able to load unsigned kernel extensions (CVE-2019-8606)

  • A malicious application may be able to execute arbitrary code with system privileges (CVE-2019-8605)

  • A local user may be able to cause unexpected system termination or read kernel memory (CVE-2019-8576)

  • An application may be able to cause unexpected system termination or write kernel memory (CVE-2019-8591)

  • An application may be able to gain elevated privileges (CVE-2019-8577)

  • A maliciously crafted SQL query may lead to arbitrary code execution (CVE-2019-8600)

  • A malicious application may be able to elevate privileges (CVE-2019-8602)

  • A local user may be able to modify protected parts of the file system (CVE-2019-8568)

  • Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628)

  • Processing maliciously crafted web content may result in the disclosure of process memory (CVE-2019-8607)

Note that Nessus has not tested for this issue but has instead relied only on the operating system’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125150);
  script_version("1.6");
  script_cvs_date("Date: 2019/12/13");

  script_cve_id(
    "CVE-2018-4456",
    "CVE-2019-6237",
    "CVE-2019-8560",
    "CVE-2019-8568",
    "CVE-2019-8569",
    "CVE-2019-8571",
    "CVE-2019-8574",
    "CVE-2019-8576",
    "CVE-2019-8577",
    "CVE-2019-8583",
    "CVE-2019-8584",
    "CVE-2019-8585",
    "CVE-2019-8586",
    "CVE-2019-8587",
    "CVE-2019-8589",
    "CVE-2019-8590",
    "CVE-2019-8591",
    "CVE-2019-8592",
    "CVE-2019-8594",
    "CVE-2019-8595",
    "CVE-2019-8596",
    "CVE-2019-8597",
    "CVE-2019-8598",
    "CVE-2019-8600",
    "CVE-2019-8601",
    "CVE-2019-8602",
    "CVE-2019-8603",
    "CVE-2019-8604",
    "CVE-2019-8605",
    "CVE-2019-8606",
    "CVE-2019-8607",
    "CVE-2019-8608",
    "CVE-2019-8609",
    "CVE-2019-8610",
    "CVE-2019-8611",
    "CVE-2019-8615",
    "CVE-2019-8616",
    "CVE-2019-8619",
    "CVE-2019-8622",
    "CVE-2019-8623",
    "CVE-2019-8628",
    "CVE-2019-8629",
    "CVE-2019-8634",
    "CVE-2019-8635"
  );
  script_xref(name:"APPLE-SA", value:"HT210119");
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2019-05-09");

  script_name(english:"macOS 10.14.x < 10.14.5 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Mac OS X / macOS.");

  script_set_attribute(attribute:"synopsis", value:"The remote host is missing a macOS update that fixes multiple
vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.5. It is, therefore, affected 
by multiple vulnerabilities :

  - An application may be able to read restricted memory (CVE-2019-8603, CVE-2019-8560)

  - An application may be able to execute arbitrary code with system privileges (CVE-2019-8635, CVE-2019-8616, 
  CVE-2019-8629, CVE-2018-4456, CVE-2019-8604,CVE-2019-8574, CVE-2019-8569)

  - An application may be able to execute arbitrary code with kernel privileges (CVE-2019-8590)

  - Processing a maliciously crafted audio file may lead to arbitrary code execution (CVE-2019-8592)

  - Processing a maliciously crafted movie file may lead to arbitrary code execution (CVE-2019-8585)

  - A malicious application may bypass Gatekeeper checks (CVE-2019-8589)

  - A malicious application may be able to read restricted memory (CVE-2019-8560, CVE-2019-8598)

  - A user may be unexpectedly logged in to another users account (CVE-2019-8634)

  - A local user may be able to load unsigned kernel extensions (CVE-2019-8606)

  - A malicious application may be able to execute arbitrary code with system privileges (CVE-2019-8605)

  - A local user may be able to cause unexpected system termination or read kernel memory (CVE-2019-8576)

  - An application may be able to cause unexpected system termination or write kernel memory (CVE-2019-8591)

  - An application may be able to gain elevated privileges (CVE-2019-8577)

  - A maliciously crafted SQL query may lead to arbitrary code execution (CVE-2019-8600)

  - A malicious application may be able to elevate privileges (CVE-2019-8602)

  - A local user may be able to modify protected parts of the file system (CVE-2019-8568)

  - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2019-6237, CVE-2019-8571,
    CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, 
    CVE-2019-8597, CVE-2019-8601, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, 
    CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628)

  - Processing maliciously crafted web content may result in the disclosure of process memory (CVE-2019-8607)

Note that Nessus has not tested for this issue but has instead relied
only on the operating system's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT210119");
  script_set_attribute(attribute:"solution", value:"Upgrade to macOS version 10.14.5 or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4456");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/15");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
  script_require_ports("Host/MacOSX/Version", "Host/OS");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

fix = "10.14.5";
minver = "10.14";

os = get_kb_item("Host/MacOSX/Version");
if (!os)
{
  os = get_kb_item_or_exit("Host/OS");
  if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");

  c = get_kb_item("Host/OS/Confidence");
  if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
}
if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");

matches = pregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
if (empty_or_null(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "').");

version = matches[1];

if (ver_compare(ver:version, minver:minver, fix:fix, strict:FALSE) == -1)
{
  security_report_v4(
    port:0,
    severity:SECURITY_HOLE,
    extra:
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fix +
      '\n'
    );
}
else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x
applemacoscpe:/o:apple:macos

References

Related

nessus 20
apple 18
openvas 11
suse 1
kaspersky 2
threatpost 2
fedora 2
archlinux 1
freebsd 1
ubuntu 1
myhack58 1
githubexploit 2
osv 2
redhat 1
rocky 1
zdi 12
prion 33
cve 33
zdt 3
veracode 12
debiancve 12
ubuntucve 13
redhatcve 13
checkpoint_advisories 2
nessus
nessus
macOS 10.x < 10.14.5 Multiple Vulnerabilities (APPLE-SA-2019-05-09)
2019-05-16 00:00:00
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-003)
2019-05-15 00:00:00
Apple iTunes for Windows < 12.9.5 Multiple Vulnerabilities (uncredentialed check)
2019-07-04 00:00:00
apple
apple
About the security content of iCloud for Windows 10.4
2019-06-11 00:00:00
About the security content of iCloud for Windows 10.4 - Apple Support
2019-06-12 09:10:16
About the security content of Safari 12.1.1 - Apple Support
2019-05-13 05:28:02
openvas
openvas
Apple iCloud Security Updates (HT210212)
2019-06-14 00:00:00
Apple Safari Security Updates (HT210123)
2019-05-14 00:00:00
openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:1766-1)
2019-07-22 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2019-07-21 00:00:00
kaspersky
kaspersky
KLA11490 Multiple vulnerabilities in iCloud
2019-05-28 00:00:00
KLA11489 Multiple vulnerabilities in iTunes
2019-05-28 00:00:00
threatpost
threatpost
DEF CON 2019: New Class of SQLite Exploits Open Door to iPhone Hack
2019-08-10 21:00:04
Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More
2019-05-14 20:31:36
fedora
fedora
[SECURITY] Fedora 30 Update: webkit2gtk3-2.24.2-1.fc30
2019-05-20 01:06:00
[SECURITY] Fedora 29 Update: webkit2gtk3-2.24.2-1.fc29
2019-05-30 17:27:39
archlinux
archlinux
[ASA-201905-10] webkit2gtk: multiple issues
2019-05-28 00:00:00
freebsd
freebsd
webkit2-gtk3 -- Multiple vulnerabilities
2019-04-10 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2019-05-22 00:00:00
myhack58
myhack58
CVE-2019-8603: Safari sandbox escape&LPE in-depth analysis-vulnerability warning-the black bar safety net
2019-06-03 00:00:00
githubexploit
githubexploit
Exploit for Type Confusion in Apple Iphone Os
2020-01-20 00:33:37
Exploit for Out-of-bounds Write in Apple Icloud
2020-01-02 00:12:22
osv
osv
Low: GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
Low: GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
redhat
redhat
(RHSA-2019:3553) Low: GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
rocky
rocky
GNOME security, bug fix, and enhancement update
2019-11-05 17:59:21
zdi
zdi
QuickTime get_by_tree Memory Corruption Information Disclosure Vulnerability
2019-09-17 00:00:00
Apple macOS ACGetNewAU Memory Corruption Information Disclosure Vulnerability
2019-06-07 00:00:00
Apple Safari RootInlineBox Use-After-Free Remote Code Execution Vulnerability
2019-05-30 00:00:00
prion
prion
Type confusion
2019-12-18 18:15:00
Input validation
2019-12-18 18:15:00
Input validation
2019-12-18 18:15:00
cve
cve
CVE-2019-8585
2019-12-18 18:15:00
CVE-2019-8571
2019-12-18 18:15:00
CVE-2019-8603
2019-12-18 18:15:00
zdt
zdt
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl Exploit
2019-05-21 00:00:00
macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment
2019-05-21 00:00:00
macOS < 10.14.5 / iOS < 12.3 XNU - in6_pcbdetach Stale Pointer Use-After-Free Exploit
2019-05-21 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-10-01 03:52:25
Arbitrary Code Execution
2020-10-01 03:52:27
Arbitrary Code Execution
2020-10-01 03:52:23
debiancve
debiancve
CVE-2019-8586
2019-12-18 18:15:00
CVE-2019-8609
2019-12-18 18:15:00
CVE-2019-6237
2019-12-18 18:15:00
ubuntucve
ubuntucve
CVE-2019-8586
2019-12-18 00:00:00
CVE-2019-8571
2019-12-18 00:00:00
CVE-2019-8587
2019-12-18 00:00:00
redhatcve
redhatcve
CVE-2019-8586
2020-09-08 13:20:17
CVE-2019-8609
2020-09-08 13:19:59
CVE-2019-8584
2020-09-08 13:19:42
checkpoint_advisories
checkpoint_advisories
Apple Multiple Products Memory Corruption (CVE-2019-8611)
2020-07-03 00:00:00
Apple iTunes Memory Corruption (CVE-2019-8601)
2020-02-05 00:00:00
JSON
Related for MACOS_10_14_5.NASL
nessus20apple18openvas11suse1kaspersky2threatpost2fedora2archlinux1freebsd1ubuntu1myhack581githubexploit2osv2redhat1rocky1zdi12prion33cve33zdt3veracode12debiancve12ubuntucve13redhatcve13checkpoint_advisories2