macOS 10.15.x < Catalina Security Update 2022-003 Catalina (HT213185)


The remote host is running a version of macOS / Mac OS X that is prior to Catalina Security Update 2022-003 Catalina. It is, therefore, affected by multiple vulnerabilities:

- An application may be able to gain elevated privileges (CVE-2022-22617, CVE-2022-22631)
- An application may be able to read restricted memory (CVE-2022-22648)
- Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory (CVE-2022-22625, CVE-2022-22626, CVE-2022-22627)
- Processing a maliciously crafted file may lead to arbitrary code execution (CVE-2022-22597)
- A maliciously crafted ZIP archive may bypass Gatekeeper checks (CVE-2022-22616)
- An application may be able to execute arbitrary code with kernel privileges (CVE-2022-22613, CVE-2022-22614, CVE-2022-22615, CVE-2022-22661)
- An attacker in a privileged position may be able to perform a denial of service attack (CVE-2022-22638)
- A person with access to a Mac may be able to bypass Login Window (CVE-2022-22647)
- A local attacker may be able to view the previous logged in user's desktop from the fast user switching screen (CVE-2022-22656)
- A plug-in may be able to inherit the application's permissions and access user data (CVE-2022-22650)
- Processing maliciously crafted web content may disclose sensitive user information (CVE-2022-22662)
- A local user may be able to write arbitrary files (CVE-2022-22582)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.