Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_HT212805.NASL
HistorySep 16, 2021 - 12:00 a.m.

macOS 10.15.x < Catalina Security Update 2021-005 Catalina (HT212805)

2021-09-1600:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
126
JSON

The remote host is running a version of macOS / Mac OS X that is prior to Catalina Security Update 2021-005. It is, therefore, affected by multiple vulnerabilities, including the following:

  • Arbitrary code execution when processing a maliciously crafted image. (CVE-2021-30835, CVE-2021-30847)

  • An integer overflow issue due to insufficient input validation, which can lead to arbitrary code execution by an unauthenticated attacker when processing a maliciously crafted PDF. (CVE-2021-30860)

  • Arbitrary code execution when processing a maliciously crafted dfont file. (CVE-2021-30841, CVE-2021-30842, CVE-2021-30843)

Note that Nessus has not tested for this issue but has instead relied only on the operating system’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(153432);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id(
    "CVE-2013-0340",
    "CVE-2020-29622",
    "CVE-2021-22925",
    "CVE-2021-30713",
    "CVE-2021-30783",
    "CVE-2021-30827",
    "CVE-2021-30828",
    "CVE-2021-30829",
    "CVE-2021-30830",
    "CVE-2021-30832",
    "CVE-2021-30835",
    "CVE-2021-30841",
    "CVE-2021-30842",
    "CVE-2021-30843",
    "CVE-2021-30844",
    "CVE-2021-30847",
    "CVE-2021-30850",
    "CVE-2021-30855",
    "CVE-2021-30857",
    "CVE-2021-30859",
    "CVE-2021-30860",
    "CVE-2021-30865",
    "CVE-2021-31010"
  );
  script_xref(name:"APPLE-SA", value:"HT212805");
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2021-09-13-4");
  script_xref(name:"IAVA", value:"2021-A-0414-S");
  script_xref(name:"IAVA", value:"2021-A-0437-S");
  script_xref(name:"IAVA", value:"2021-A-0505-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/09/15");

  script_name(english:"macOS 10.15.x < Catalina Security Update 2021-005 Catalina (HT212805)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of macOS / Mac OS X that is prior to Catalina Security Update 2021-005. It is,
therefore, affected by multiple vulnerabilities, including the following:

  - Arbitrary code execution when processing a maliciously crafted image. (CVE-2021-30835, CVE-2021-30847)

  - An integer overflow issue due to insufficient input validation, which can lead to arbitrary code
    execution by an unauthenticated attacker when processing a maliciously crafted PDF. (CVE-2021-30860)

  - Arbitrary code execution when processing a maliciously crafted dfont file. (CVE-2021-30841,
    CVE-2021-30842, CVE-2021-30843)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported
version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT212805");
  script_set_attribute(attribute:"solution", value:
"Upgrade to macOS to Catalina Security Update 2021-005 or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30865");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_ports("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");

  exit(0);
}

include('vcf.inc');
include('vcf_extras_apple.inc');

var app_info = vcf::apple::macos::get_app_info();

var constraints = [
  {
    'max_version' : '10.15.7',
    'min_version' : '10.15',
    'fixed_build' : '19H1417',
    'fixed_display' : '10.15.7 Security Update 2021-005 Catalina' }
];

vcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x
applemacoscpe:/o:apple:macos

References

Related

apple 10
openvas 22
nessus 32
qualysblog 2
cnvd 1
prion 25
cve 25
checkpoint_advisories 1
attackerkb 4
cisa_kev 3
zdi 1
threatpost 4
osv 7
googleprojectzero 1
slackware 2
freebsd 4
thn 6
ibm 12
ubuntucve 3
cbl_mariner 3
githubexploit 1
malwarebytes 1
veracode 2
debiancve 2
alpinelinux 2
cloudlinux 1
kaspersky 2
hivepro 1
cisa 1
fedora 2
gentoo 1
photon 2
hackerone 1
redhatcve 2
ubuntu 2
mageia 1
altlinux 1
archlinux 2
redhat 1
oraclelinux 1
cloudfoundry 1
almalinux 1
apple
apple
About the security content of Security Update 2021-005 Catalina
2021-09-13 00:00:00
About the security content of macOS Big Sur 11.6
2021-09-13 00:00:00
About the security content of watchOS 7.6.2
2021-09-13 00:00:00
openvas
openvas
Apple Mac OS X Security Update (HT212805)
2021-09-14 00:00:00
Apple Mac OS X Security Update (HT212804)
2021-09-14 00:00:00
Apple iTunes Security Update (HT212817)
2021-09-22 00:00:00
nessus
nessus
macOS 11.x < 11.6 (HT212804)
2021-09-16 00:00:00
Apple iOS < 14.8 Multiple Vulnerabilities (HT212807)
2021-09-16 00:00:00
Apple iOS < 15 Multiple Vulnerabilities (HT212814)
2021-09-21 00:00:00
qualysblog
qualysblog
NSO Pegasus iPhone Spyware Vulnerabilities Fixed by Apple – Detect & Prioritize Using VMDR for Mobile Devices
2021-09-29 08:28:10
Detect & Prioritize NSO Pegasus iPhone Spyware Vulnerabilities Using VMDR for Mobile Devices
2021-09-20 14:47:57
cnvd
cnvd
Multiple Apple product code issues vulnerabilities
2022-09-02 00:00:00
prion
prion
Input validation
2021-10-19 14:15:00
Code injection
2021-10-19 14:15:00
Design/Logic Flaw
2021-10-19 14:15:00
cve
cve
CVE-2021-30855
2021-08-24 19:15:00
CVE-2021-30835
2021-10-19 14:15:00
CVE-2021-30850
2021-10-19 14:15:00
checkpoint_advisories
checkpoint_advisories
Apple macOS Privilege Escalation (CVE-2021-30713)
2021-06-13 00:00:00
attackerkb
attackerkb
CVE-2021-30713
2021-09-08 00:00:00
CVE-2021-31010
2021-08-24 00:00:00
CVE-2021-30860
2021-08-24 00:00:00
cisa_kev
cisa_kev
Apple macOS Unspecified Vulnerability
2021-11-03 00:00:00
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
2022-08-25 00:00:00
Apple Multiple Products Integer Overflow Vulnerability
2021-11-03 00:00:00
zdi
zdi
Apple macOS CVMServer Use-After-Free Privilege Escalation Vulnerability
2022-02-16 00:00:00
threatpost
threatpost
Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots
2021-05-25 12:25:55
Apple Issues Emergency Fix for NSO Zero-Click Zero Day
2021-09-13 22:10:15
Apple Patches 3 More Zero-Days Under Active Attack
2021-09-24 11:29:27
osv
osv
CVE-2021-30860
2021-08-24 19:15:14
CVE-2021-22925
2021-08-05 21:15:11
CVE-2022-38171
2022-08-22 19:15:11
googleprojectzero
googleprojectzero
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
2021-12-15 00:00:00
slackware
slackware
[slackware-security] poppler
2022-09-01 20:05:47
[slackware-security] expat
2021-05-23 19:55:46
freebsd
freebsd
Python -- multiple vulnerabilities
2021-08-30 00:00:00
texproc/expat2 -- billion laugh attack
2013-02-21 00:00:00
Python -- multiple vulnerabilities
2021-08-30 00:00:00
thn
thn
3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company
2021-09-15 11:03:00
Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware
2022-02-04 11:52:00
Apple Issues Urgent Updates to Fix New Zero-Day Linked to Pegasus Spyware
2021-09-14 04:35:00
ibm
ibm
Security Bulletin: IBM Prospect is affected by Expat XML Parser vulnerability (CVE-2013-0340)
2018-06-17 15:49:59
Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2021-22925)
2021-10-04 15:42:39
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22925)
2022-04-22 14:30:11
ubuntucve
ubuntucve
CVE-2013-0340
2014-01-21 00:00:00
CVE-2021-22925
2021-07-21 00:00:00
CVE-2022-38171
2022-08-22 00:00:00
cbl_mariner
cbl_mariner
CVE-2013-0340 affecting package expat 2.2.6-4
2022-01-10 03:59:19
CVE-2021-22925 affecting package curl 7.76.0-6
2022-04-09 06:51:45
CVE-2021-22925 affecting package curl 7.76.0-9
2021-08-11 06:39:26
githubexploit
githubexploit
Exploit for Integer Overflow or Wraparound in Apple Ipados
2021-09-18 22:14:17
malwarebytes
malwarebytes
Apple releases emergency update: Patch, but don’t panic
2021-09-14 11:39:39
veracode
veracode
XML External Entities (XXE)
2019-06-12 07:55:17
Information Disclosure
2021-07-22 05:50:58
debiancve
debiancve
CVE-2013-0340
2014-01-21 18:55:00
CVE-2021-22925
2021-08-05 21:15:00
alpinelinux
alpinelinux
CVE-2021-22925
2021-08-05 21:15:00
CVE-2022-38171
2022-08-22 19:15:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-22925
2021-09-21 22:05:44
kaspersky
kaspersky
KLA12293 Multiple vulnerabilities in Apple iTunes
2021-09-20 00:00:00
KLA12357 Multiple vulnerabilities in Apple iCloud
2021-11-10 00:00:00
hivepro
hivepro
Apple fixes the zero-day vulnerabilities exploited by Pegasus spyware named “FORCEDENTRY”
2021-09-16 13:49:19
cisa
cisa
Apple Releases Security Updates to Address CVE-2021-30858 and CVE-2021-30860
2021-09-13 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: mingw-poppler-22.01.0-7.fc36
2022-09-22 01:18:10
[SECURITY] Fedora 35 Update: mingw-poppler-21.08.0-2.fc35
2022-09-22 01:25:32
gentoo
gentoo
Poppler: Arbitrary Code Execution
2022-09-29 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0372
2021-07-23 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0417
2021-07-23 00:00:00
hackerone
hackerone
curl: CVE-2021-22925: TELNET stack contents disclosure again
2021-06-11 12:15:31
redhatcve
redhatcve
CVE-2021-22925
2021-07-21 09:20:15
CVE-2022-38784
2022-09-07 15:49:05
ubuntu
ubuntu
curl vulnerability
2022-01-20 00:00:00
curl vulnerabilities
2021-07-22 00:00:00
mageia
mageia
Updated python3 packages fix security vulnerability
2021-09-23 07:49:29
altlinux
altlinux
Security fix for the ALT Linux 10 package poppler115 version 21.11.0-alt1.p10.1
2023-01-20 00:00:00
archlinux
archlinux
[ASA-202107-60] lib32-curl: multiple issues
2021-07-21 00:00:00
[ASA-202107-64] lib32-libcurl-gnutls: multiple issues
2021-07-21 00:00:00
redhat
redhat
(RHSA-2021:4511) Moderate: curl security and bug fix update
2021-11-09 09:38:13
oraclelinux
oraclelinux
curl security and bug fix update
2021-11-16 00:00:00
cloudfoundry
cloudfoundry
USN-5021-1: curl vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
almalinux
almalinux
Moderate: curl security and bug fix update
2021-11-09 09:38:13
JSON
Related for MACOS_HT212805.NASL
apple10openvas22nessus32qualysblog2cnvd1prion25cve25checkpoint_advisories1attackerkb4cisa_kev3zdi1threatpost4osv7googleprojectzero1slackware2freebsd4thn6ibm12ubuntucve3cbl_mariner3githubexploit1malwarebytes1veracode2debiancve2alpinelinux2cloudlinux1kaspersky2hivepro1cisa1fedora2gentoo1photon2hackerone1redhatcve2ubuntu2mageia1altlinux1archlinux2redhat1oraclelinux1cloudfoundry1almalinux1