Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_HT212600.NASL
HistoryJul 23, 2021 - 12:00 a.m.

macOS 10.15.x < Catalina Security Update 2021-004 Catalina (HT212600)

2021-07-2300:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
50
JSON

The remote host is running a version of macOS / Mac OS X that is 0.0.x prior to Catalina Security Update 2021-004 Catalina. It is, therefore, affected by multiple vulnerabilities : Note that Nessus has not tested for this issue but has instead relied only on the operating system’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(152036);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/11/05");

  script_cve_id(
    "CVE-2021-30672",
    "CVE-2021-30677",
    "CVE-2021-30703",
    "CVE-2021-30731",
    "CVE-2021-30733",
    "CVE-2021-30759",
    "CVE-2021-30760",
    "CVE-2021-30765",
    "CVE-2021-30766",
    "CVE-2021-30768",
    "CVE-2021-30775",
    "CVE-2021-30776",
    "CVE-2021-30777",
    "CVE-2021-30780",
    "CVE-2021-30781",
    "CVE-2021-30782",
    "CVE-2021-30783",
    "CVE-2021-30785",
    "CVE-2021-30787",
    "CVE-2021-30788",
    "CVE-2021-30789",
    "CVE-2021-30790",
    "CVE-2021-30793",
    "CVE-2021-30796",
    "CVE-2021-30799",
    "CVE-2021-30805"
  );
  script_xref(name:"APPLE-SA", value:"HT212600");
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2021-07-21");
  script_xref(name:"IAVA", value:"2021-A-0349-S");

  script_name(english:"macOS 10.15.x < Catalina Security Update 2021-004 Catalina (HT212600)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.7 Security Update 2021-004
Catalina. It is, therefore, affected by multiple vulnerabilities, including the following:

  - An application may be able to execute arbitrary code with kernel privileges
    (CVE-2021-30805)

  - Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
    (CVE-2021-30790)

  - A malicious application may be able to gain root privileges (CVE-2021-30672)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported
version number.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of macOS / Mac OS X that is 0.0.x prior to Catalina Security Update 2021-004
Catalina. It is, therefore, affected by multiple vulnerabilities : Note that Nessus has not tested for this issue but
has instead relied only on the operating system's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT212600");
  script_set_attribute(attribute:"solution", value:
"Upgrade to macOS 10.15.x < Catalina Security Update 2021-004 Catalina or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30805");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/07/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_ports("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");

  exit(0);
}

include('vcf.inc');
include('vcf_extras_apple.inc');

var app_info = vcf::apple::macos::get_app_info();

var constraints = [
  {
    'max_version' : '10.15.7',
    'min_version' : '10.15',
    'fixed_build': '19H1323',
    'fixed_display' : '10.15.7 Security Update 2021-004 Catalina'
  }
];

vcf::apple::macos::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE
);
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x
applemacoscpe:/o:apple:macos

References

Related

nessus 22
apple 14
openvas 15
threatpost 1
cve 26
prion 26
zdi 9
ubuntucve 1
cnvd 3
debiancve 1
redhatcve 1
alpinelinux 1
qualysblog 2
fedora 2
archlinux 2
mageia 1
debian 1
suse 2
osv 4
ubuntu 1
oraclelinux 1
rocky 1
almalinux 1
redhat 2
gentoo 1
amazon 1
ibm 1
nessus
nessus
macOS 10.14.x < 10.14.6 Mojave Security Update 2021-005 (HT212603)
2021-07-23 00:00:00
macOS 11.x < 11.5 (HT212602)
2021-07-23 00:00:00
Apple iOS < 14.7 Multiple Vulnerabilities (HT212601)
2021-07-23 00:00:00
apple
apple
About the security content of Security Update 2021-005 Mojave
2021-07-21 00:00:00
About the security content of Security Update 2021-004 Catalina
2021-07-21 00:00:00
About the security content of macOS Big Sur 11.5
2021-07-21 00:00:00
openvas
openvas
Apple Mac OS X Security Update (HT212603)
2022-09-22 00:00:00
Apple Mac OS X Security Update (HT212600)
2022-09-22 00:00:00
Apple Mac OS X Security Update (HT212602)
2022-09-22 00:00:00
threatpost
threatpost
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
2021-07-22 16:18:25
cve
cve
CVE-2021-30768
2021-09-08 14:15:00
CVE-2021-30672
2021-09-08 15:15:00
CVE-2021-30793
2021-09-08 14:15:00
prion
prion
Design/Logic Flaw
2021-09-08 14:15:00
Design/Logic Flaw
2021-09-08 14:15:00
Design/Logic Flaw
2021-09-08 14:15:00
zdi
zdi
Apple macOS libType1Scaler PFB Font Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
2021-08-05 00:00:00
Apple macOS CoreText TTF File Parsing Integer Overflow Information Disclosure Vulnerability
2021-08-11 00:00:00
Apple macOS process_token_BindQueryStoreRegisterToMemoryList Out-Of-Bounds Write Privilege Escalation Vulnerability
2021-08-05 00:00:00
ubuntucve
ubuntucve
CVE-2021-30799
2021-07-27 00:00:00
cnvd
cnvd
Apple macOS Big Sur Buffer Overflow Vulnerability (CNVD-2021-102842)
2021-07-23 00:00:00
Apple macOS Big Sur Buffer Overflow Vulnerability (CNVD-2021-102841)
2021-07-23 00:00:00
Apple macOS Big Sur Buffer Overflow Vulnerability (CNVD-2021-102843)
2021-07-23 00:00:00
debiancve
debiancve
CVE-2021-30799
2021-09-08 14:15:00
redhatcve
redhatcve
CVE-2021-30799
2021-07-28 14:20:22
alpinelinux
alpinelinux
CVE-2021-30799
2021-09-08 14:15:00
qualysblog
qualysblog
iOS and iPadOS 14.7 and 14.7.1 Security Update: Discover Vulnerabilities and Take Remote Response Action Using VMDR for Mobile Devices
2021-07-28 19:41:48
Protect your Devices from Pegasus Spyware using VMDR for Mobile Devices’ Proactive Approach
2021-07-23 16:31:38
fedora
fedora
[SECURITY] Fedora 34 Update: webkit2gtk3-2.32.3-1.fc34
2021-07-29 01:09:31
[SECURITY] Fedora 33 Update: webkit2gtk3-2.32.3-1.fc33
2021-08-08 01:08:31
archlinux
archlinux
[ASA-202107-68] wpewebkit: multiple issues
2021-07-27 00:00:00
[ASA-202107-67] webkit2gtk: multiple issues
2021-07-27 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2021-08-14 17:00:09
debian
debian
[SECURITY] [DSA 4945-1] webkit2gtk security update
2021-07-28 18:56:16
suse
suse
Security update for webkit2gtk3 (important)
2021-08-10 00:00:00
Security update for webkit2gtk3 (important)
2021-08-03 00:00:00
osv
osv
webkit2gtk - security update
2021-07-28 00:00:00
webkit2gtk vulnerabilities
2021-07-28 16:33:22
Moderate: GNOME security, bug fix, and enhancement update
2021-11-09 09:15:15
ubuntu
ubuntu
WebKitGTK vulnerabilities
2021-07-28 00:00:00
oraclelinux
oraclelinux
GNOME security, bug fix, and enhancement update
2021-11-16 00:00:00
rocky
rocky
GNOME security, bug fix, and enhancement update
2021-11-09 09:15:15
almalinux
almalinux
Moderate: GNOME security, bug fix, and enhancement update
2021-11-09 09:15:15
redhat
redhat
(RHSA-2021:4381) Moderate: GNOME security, bug fix, and enhancement update
2021-11-09 09:15:15
(RHSA-2022:0202) Moderate: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update
2022-01-20 06:27:36
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2022-02-01 00:00:00
amazon
amazon
Important: webkitgtk4
2023-06-07 23:52:00
ibm
ibm
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
JSON
Related for MACOS_HT212600.NASL
nessus22apple14openvas15threatpost1cve26prion26zdi9ubuntucve1cnvd3debiancve1redhatcve1alpinelinux1qualysblog2fedora2archlinux2mageia1debian1suse2osv4ubuntu1oraclelinux1rocky1almalinux1redhat2gentoo1amazon1ibm1