Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_HT212981.NASL
HistoryDec 21, 2021 - 12:00 a.m.

macOS 10.15.x < Catalina Security Update 2021-008 Catalina (HT212981)

2021-12-2100:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to Catalina Security Update 2021-008 Catalina. It is, therefore, affected by multiple vulnerabilities :

  • A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. (CVE-2021-30979)

  • An out-of-bounds read was addressed with improved input validation. Playing a malicious audio file may lead to arbitrary code execution. (CVE-2021-30958)

  • An out-of-bounds write issue was addressed with improved bounds checking. Processing a maliciously crafted USD file may disclose memory contents. (CVE-2021-30929)

Note that Nessus has not tested for this issue but has instead relied only on the operating system’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(156221);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/23");

  script_cve_id(
    "CVE-2021-30767",
    "CVE-2021-30927",
    "CVE-2021-30929",
    "CVE-2021-30931",
    "CVE-2021-30935",
    "CVE-2021-30937",
    "CVE-2021-30938",
    "CVE-2021-30939",
    "CVE-2021-30940",
    "CVE-2021-30941",
    "CVE-2021-30942",
    "CVE-2021-30945",
    "CVE-2021-30949",
    "CVE-2021-30950",
    "CVE-2021-30958",
    "CVE-2021-30959",
    "CVE-2021-30961",
    "CVE-2021-30963",
    "CVE-2021-30965",
    "CVE-2021-30968",
    "CVE-2021-30969",
    "CVE-2021-30971",
    "CVE-2021-30973",
    "CVE-2021-30975",
    "CVE-2021-30976",
    "CVE-2021-30977",
    "CVE-2021-30979",
    "CVE-2021-30980",
    "CVE-2021-30981",
    "CVE-2021-30982",
    "CVE-2021-30990",
    "CVE-2021-30995"
  );
  script_xref(name:"APPLE-SA", value:"HT212981");
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2021-12-15-4");
  script_xref(name:"IAVA", value:"2021-A-0577-S");

  script_name(english:"macOS 10.15.x < Catalina Security Update 2021-008 Catalina (HT212981)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple
vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to Catalina Security Update 2021-008
Catalina. It is, therefore, affected by multiple vulnerabilities :

  - A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted USD 
    file may lead to unexpected application termination or arbitrary code execution. (CVE-2021-30979)

  - An out-of-bounds read was addressed with improved input validation. Playing a malicious audio file may 
    lead to arbitrary code execution. (CVE-2021-30958)

  - An out-of-bounds write issue was addressed with improved bounds checking. Processing a maliciously 
    crafted USD file may disclose memory contents. (CVE-2021-30929)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported
version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT212981");
  script_set_attribute(attribute:"solution", value:
"Upgrade to macOS 10.15.7 Catalina Security Update 2021-008 Catalina or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30981");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-30935");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/12/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_ports("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");

  exit(0);
}

include('vcf.inc');
include('vcf_extras_apple.inc');

var app_info = vcf::apple::macos::get_app_info();

var constraints = [
  { 'min_version' : '10.15', 
    'max_version' : '10.15.7', 
    'fixed_build': '19H1615', 
    'fixed_display' : 'MacOS Catalina 10.15.7 Security Update 2021-008' }
];

vcf::apple::macos::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE
);
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x
applemacoscpe:/o:apple:macos

References

Related

apple 8
openvas 5
nessus 3
threatpost 2
prion 32
cve 32
zdi 3
cnvd 3
talos 1
thn 2
trendmicroblog 1
packetstorm 1
apple
apple
About the security content of Security Update 2021-008 Catalina
2021-12-13 00:00:00
About the security content of macOS Big Sur 11.6.2
2021-12-13 00:00:00
About the security content of macOS Monterey 12.1
2021-12-13 00:00:00
openvas
openvas
Apple Mac OS X Security Update (HT212981)
2022-03-17 00:00:00
Apple Mac OS X Security Update (HT212979)
2022-03-17 00:00:00
Apple Mac OS X Security Update (HT212978)
2022-03-17 00:00:00
nessus
nessus
macOS 11.x < 11.6.2 (HT212979)
2021-12-21 00:00:00
macOS 12.x < 12.1 (HT212978)
2021-12-21 00:00:00
Apple iOS < 15.2 Multiple Vulnerabilities (HT212976)
2021-12-19 00:00:00
threatpost
threatpost
Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit
2021-12-14 23:10:21
Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
2022-01-31 18:18:41
prion
prion
Improper access control
2021-08-24 19:15:00
Buffer overflow
2021-08-24 19:15:00
Buffer overflow
2021-08-24 19:15:00
cve
cve
CVE-2021-30982
2021-08-24 19:15:00
CVE-2021-30990
2021-08-24 19:15:00
CVE-2021-30935
2021-08-24 19:15:00
zdi
zdi
Apple macOS ImageIO DDS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2022-02-16 00:00:00
Apple macOS ModelIO ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
2022-02-16 00:00:00
Apple macOS fclonefileat Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
2022-02-16 00:00:00
cnvd
cnvd
Many Apple products competitive conditions problems vulnerability
2022-04-01 00:00:00
Multiple Apple Products Vulnerabilities in Permissions Licensing and Access Control Issues
2022-04-15 00:00:00
Multiple Apple products have unspecified vulnerabilities (CNVD-2022-55136)
2022-04-01 00:00:00
talos
talos
Apple macOS ImageIO DDS image out-of-bounds read vulnerability
2022-01-25 00:00:00
thn
thn
Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones
2021-12-14 06:10:00
Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam
2022-01-31 06:07:00
trendmicroblog
trendmicroblog
Analyzing an Old Bug and Discovering CVE-2021-30995
2022-01-14 00:00:00
packetstorm
packetstorm
XNU inm_merge Heap Use-After-Free
2022-01-06 00:00:00
JSON
Related for MACOS_HT212981.NASL
apple8openvas5nessus3threatpost2prion32cve32zdi3cnvd3talos1thn2trendmicroblog1packetstorm1