Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_HT213758.NASL
HistoryMay 18, 2023 - 12:00 a.m.

macOS 13.x < 13.4 Multiple Vulnerabilities (HT213758)

2023-05-1800:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
40
JSON

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.4. It is, therefore, affected by multiple vulnerabilities:

  • A privacy issue was addressed with improved private data redaction for log entries. (CVE-2023-32388, CVE-2023-32392)

  • This issue was addressed with improved checks. (CVE-2023-32400)

  • This issue was addressed with improved entitlements. (CVE-2023-32367, CVE-2023-32376, CVE-2023-32404, CVE-2023-32411)

  • The issue was addressed with improved checks. (CVE-2023-32371, CVE-2023-32390, CVE-2023-32391, CVE-2023-32394)

  • A privacy issue was addressed with improved handling of temporary files. (CVE-2023-32386)

  • The issue was addressed with improved handling of caches. (CVE-2023-32399, CVE-2023-32408)

  • This issue was addressed with improved redaction of sensitive information. (CVE-2023-28191)

  • An authentication issue was addressed with improved state management. (CVE-2023-32360)

  • A use-after-free issue was addressed with improved memory management. (CVE-2023-32373, CVE-2023-32387, CVE-2023-32398, CVE-2023-32412)

  • An out-of-bounds read was addressed with improved input validation. (CVE-2023-28204, CVE-2023-32368, CVE-2023-32372, CVE-2023-32375, CVE-2023-32382, CVE-2023-32402, CVE-2023-32410, CVE-2023-32420)

  • A buffer overflow was addressed with improved bounds checking. (CVE-2023-32384)

  • A type confusion issue was addressed with improved checks. (CVE-2023-27930)

  • The issue was addressed with additional permissions checks. (CVE-2023-27940)

  • A logic issue was addressed with improved checks. (CVE-2023-32352, CVE-2023-32405)

  • A logic issue was addressed with improved state management. (CVE-2023-32355, CVE-2023-32369, CVE-2023-32395, CVE-2023-32397, CVE-2023-32407)

  • An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2023-32380)

  • This issue was addressed with improved redaction of sensitive information. (CVE-2023-32389, CVE-2023-32403, CVE-2023-32415)

  • A denial-of-service issue was addressed with improved memory handling. (CVE-2023-32385)

  • An authorization issue was addressed with improved state management. (CVE-2023-32357)

  • This issue was addressed by adding additional SQLite logging restrictions. (CVE-2023-32422)

  • This issue was addressed with improved state management. (CVE-2023-28202)

  • A buffer overflow issue was addressed with improved memory handling. (CVE-2023-32423)

  • The issue was addressed with improved bounds checks. (CVE-2023-32409)

Note that Nessus has not tested for these issues but has instead relied only on the operating system’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(176078);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/07");

  script_cve_id(
    "CVE-2023-27930",
    "CVE-2023-27940",
    "CVE-2023-28191",
    "CVE-2023-28202",
    "CVE-2023-28204",
    "CVE-2023-32352",
    "CVE-2023-32355",
    "CVE-2023-32357",
    "CVE-2023-32360",
    "CVE-2023-32363",
    "CVE-2023-32367",
    "CVE-2023-32368",
    "CVE-2023-32371",
    "CVE-2023-32372",
    "CVE-2023-32373",
    "CVE-2023-32375",
    "CVE-2023-32376",
    "CVE-2023-32380",
    "CVE-2023-32382",
    "CVE-2023-32384",
    "CVE-2023-32385",
    "CVE-2023-32386",
    "CVE-2023-32387",
    "CVE-2023-32388",
    "CVE-2023-32389",
    "CVE-2023-32390",
    "CVE-2023-32391",
    "CVE-2023-32392",
    "CVE-2023-32394",
    "CVE-2023-32395",
    "CVE-2023-32397",
    "CVE-2023-32398",
    "CVE-2023-32399",
    "CVE-2023-32400",
    "CVE-2023-32402",
    "CVE-2023-32403",
    "CVE-2023-32404",
    "CVE-2023-32405",
    "CVE-2023-32407",
    "CVE-2023-32408",
    "CVE-2023-32409",
    "CVE-2023-32410",
    "CVE-2023-32411",
    "CVE-2023-32412",
    "CVE-2023-32413",
    "CVE-2023-32414",
    "CVE-2023-32415",
    "CVE-2023-32420",
    "CVE-2023-32422",
    "CVE-2023-32423"
  );
  script_xref(name:"APPLE-SA", value:"HT213758");
  script_xref(name:"IAVA", value:"2023-A-0264-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/06/12");

  script_name(english:"macOS 13.x < 13.4 Multiple Vulnerabilities (HT213758)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a macOS update that fixes multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.4. It is, therefore, affected by
multiple vulnerabilities:

  - A privacy issue was addressed with improved private data redaction for log entries. (CVE-2023-32388,
    CVE-2023-32392)

  - This issue was addressed with improved checks. (CVE-2023-32400)

  - This issue was addressed with improved entitlements. (CVE-2023-32367, CVE-2023-32376, CVE-2023-32404,
    CVE-2023-32411)

  - The issue was addressed with improved checks. (CVE-2023-32371, CVE-2023-32390, CVE-2023-32391,
    CVE-2023-32394)

  - A privacy issue was addressed with improved handling of temporary files. (CVE-2023-32386)

  - The issue was addressed with improved handling of caches. (CVE-2023-32399, CVE-2023-32408)

  - This issue was addressed with improved redaction of sensitive information. (CVE-2023-28191)

  - An authentication issue was addressed with improved state management. (CVE-2023-32360)

  - A use-after-free issue was addressed with improved memory management. (CVE-2023-32373, CVE-2023-32387,
    CVE-2023-32398, CVE-2023-32412)

  - An out-of-bounds read was addressed with improved input validation. (CVE-2023-28204, CVE-2023-32368,
    CVE-2023-32372, CVE-2023-32375, CVE-2023-32382, CVE-2023-32402, CVE-2023-32410, CVE-2023-32420)

  - A buffer overflow was addressed with improved bounds checking. (CVE-2023-32384)

  - A type confusion issue was addressed with improved checks. (CVE-2023-27930)

  - The issue was addressed with additional permissions checks. (CVE-2023-27940)

  - A logic issue was addressed with improved checks. (CVE-2023-32352, CVE-2023-32405)

  - A logic issue was addressed with improved state management. (CVE-2023-32355, CVE-2023-32369,
    CVE-2023-32395, CVE-2023-32397, CVE-2023-32407)

  - An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2023-32380)

  - This issue was addressed with improved redaction of sensitive information. (CVE-2023-32389,
    CVE-2023-32403, CVE-2023-32415)

  - A denial-of-service issue was addressed with improved memory handling. (CVE-2023-32385)

  - An authorization issue was addressed with improved state management. (CVE-2023-32357)

  - This issue was addressed by adding additional SQLite logging restrictions. (CVE-2023-32422)

  - This issue was addressed with improved state management. (CVE-2023-28202)

  - A buffer overflow issue was addressed with improved memory handling. (CVE-2023-32423)

  - The issue was addressed with improved bounds checks. (CVE-2023-32409)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported
version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT213758");
  script_set_attribute(attribute:"solution", value:
"Upgrade to macOS 13.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-32412");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_ports("Host/MacOSX/Version", "Host/local_checks_enabled", "Host/MacOSX/packages/boms");

  exit(0);
}

include('vcf.inc');
include('vcf_extras_apple.inc');

var app_info = vcf::apple::macos::get_app_info();

var constraints = [
  { 'fixed_version' : '13.4.0', 'min_version' : '13.0', 'fixed_display' : 'macOS Ventura 13.4' }
];

vcf::apple::macos::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE,
    flags:{'sqli':TRUE}
);
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x
applemacoscpe:/o:apple:macos

References

Related

nessus 18
apple 8
openvas 10
talosblog 1
malwarebytes 2
mageia 1
almalinux 2
rocky 2
oraclelinux 2
redhat 2
osv 5
debian 1
fedora 2
thn 3
prion 44
cvelist 45
cve 42
zdi 4
talos 1
debiancve 1
ubuntucve 1
cisa_kev 1
attackerkb 1
nessus
nessus
macOS 12.x < 12.6.6 Multiple Vulnerabilities (HT213759)
2023-05-18 00:00:00
macOS 11.x < 11.7.7 Multiple Vulnerabilities (HT213760)
2023-05-18 00:00:00
Apple iOS < 16.5 Multiple Vulnerabilities (HT213757)
2023-05-23 00:00:00
apple
apple
About the security content of macOS Ventura 13.4
2023-05-18 00:00:00
About the security content of tvOS 16.5
2023-05-18 00:00:00
About the security content of macOS Big Sur 11.7.7
2023-05-18 00:00:00
openvas
openvas
Apple Mac OS X Security Update (HT213758)
2023-05-22 00:00:00
Apple Mac OS X Security Update (HT213760)
2023-05-22 00:00:00
Apple Mac OS X Security Update (HT213759)
2023-05-22 00:00:00
talosblog
talosblog
It’s apparently hip to still be using Windows 7
2023-05-25 18:00:35
malwarebytes
malwarebytes
Update now! Apple issues patches for three actively used zero-days
2023-05-23 11:45:00
Microsoft gives Apple a migraine
2023-05-31 23:45:00
mageia
mageia
Updated webkit2 packages fix security vulnerability
2023-06-15 10:27:14
almalinux
almalinux
Important: webkit2gtk3 security update
2023-06-05 00:00:00
Important: webkit2gtk3 security update
2023-06-05 00:00:00
rocky
rocky
webkit2gtk3 security update
2023-06-24 18:52:51
webkit2gtk3 security update
2023-06-13 19:55:27
oraclelinux
oraclelinux
webkit2gtk3 security update
2023-06-06 00:00:00
webkit2gtk3 security update
2023-06-06 00:00:00
redhat
redhat
(RHSA-2023:3432) Important: webkit2gtk3 security update
2023-06-05 07:59:49
(RHSA-2023:3433) Important: webkit2gtk3 security update
2023-06-05 08:00:00
osv
osv
Important: webkit2gtk3 security update
2023-06-24 18:52:51
webkit2gtk - security update
2023-06-15 00:00:00
Important: webkit2gtk3 security update
2023-06-13 19:55:27
debian
debian
[SECURITY] [DSA 5427-1] webkit2gtk security update
2023-06-15 09:21:13
fedora
fedora
[SECURITY] Fedora 37 Update: webkitgtk-2.40.2-1.fc37
2023-06-03 02:17:30
[SECURITY] Fedora 38 Update: webkitgtk-2.40.2-1.fc38
2023-06-03 02:46:17
thn
thn
WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
2023-05-19 03:43:00
Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
2023-05-31 11:57:00
Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari
2023-06-22 06:56:00
prion
prion
Information disclosure
2023-06-23 18:15:00
Design/Logic Flaw
2023-06-23 18:15:00
Information disclosure
2023-06-23 18:15:00
cvelist
cvelist
CVE-2023-32368
2023-06-23 00:00:00
CVE-2023-32369
2023-06-23 00:00:00
CVE-2023-32410
2023-06-23 00:00:00
cve
cve
CVE-2023-32395
2023-06-23 18:15:12
CVE-2023-32414
2023-06-23 18:15:13
CVE-2023-32355
2023-06-23 18:15:11
zdi
zdi
(Pwn2Own) Apple macOS /dev/fd Race Condition Local Privilege Escalation Vulnerability
2023-06-08 00:00:00
Apple macOS ImageIO EXR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2023-08-25 00:00:00
Apple macOS EXR Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2023-08-25 00:00:00
talos
talos
Apple DCERPC association groups use-after-free vulnerability
2023-07-13 00:00:00
debiancve
debiancve
CVE-2023-32409
2023-06-23 18:15:13
ubuntucve
ubuntucve
CVE-2023-32409
2023-06-23 00:00:00
cisa_kev
cisa_kev
Apple Multiple Products WebKit Sandbox Escape Vulnerability
2023-05-22 00:00:00
attackerkb
attackerkb
CVE-2023-32409
2023-06-23 00:00:00
JSON
Related for MACOS_HT213758.NASL
nessus18apple8openvas10talosblog1malwarebytes2mageia1almalinux2rocky2oraclelinux2redhat2osv5debian1fedora2thn3prion44cvelist45cve42zdi4talos1debiancve1ubuntucve1cisa_kev1attackerkb1