Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_HT213760.NASL
HistoryMay 18, 2023 - 12:00 a.m.

macOS 11.x < 11.7.7 Multiple Vulnerabilities (HT213760)

2023-05-1800:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.7.7. It is, therefore, affected by multiple vulnerabilities:

  • The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges (CVE-2023-28181)

  • This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3. A sandboxed app may be able to collect system logs (CVE-2023-27945)

  • A privacy issue was addressed with improved private data redaction for log entries. (CVE-2023-32388, CVE-2023-32392)

  • This issue was addressed with improved redaction of sensitive information. (CVE-2023-28191)

  • This issue was addressed with improved entitlements. (CVE-2023-32411)

  • A buffer overflow was addressed with improved bounds checking. (CVE-2023-32384)

  • An out-of-bounds read was addressed with improved input validation. (CVE-2023-32410)

  • A use-after-free issue was addressed with improved memory management. (CVE-2023-32398, CVE-2023-32412)

  • A logic issue was addressed with improved checks. (CVE-2023-32352)

  • A logic issue was addressed with improved state management. (CVE-2023-32397, CVE-2023-32407)

  • This issue was addressed with improved redaction of sensitive information. (CVE-2023-32403)

  • An authorization issue was addressed with improved state management. (CVE-2023-32357)

Note that Nessus has not tested for these issues but has instead relied only on the operating system’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(176084);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/07");

  script_cve_id(
    "CVE-2023-27945",
    "CVE-2023-28181",
    "CVE-2023-28191",
    "CVE-2023-32352",
    "CVE-2023-32355",
    "CVE-2023-32357",
    "CVE-2023-32360",
    "CVE-2023-32369",
    "CVE-2023-32380",
    "CVE-2023-32382",
    "CVE-2023-32384",
    "CVE-2023-32386",
    "CVE-2023-32387",
    "CVE-2023-32388",
    "CVE-2023-32392",
    "CVE-2023-32395",
    "CVE-2023-32397",
    "CVE-2023-32398",
    "CVE-2023-32403",
    "CVE-2023-32405",
    "CVE-2023-32407",
    "CVE-2023-32410",
    "CVE-2023-32411",
    "CVE-2023-32412",
    "CVE-2023-32413"
  );
  script_xref(name:"APPLE-SA", value:"HT213760");
  script_xref(name:"IAVA", value:"2023-A-0264-S");

  script_name(english:"macOS 11.x < 11.7.7 Multiple Vulnerabilities (HT213760)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a macOS update that fixes multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.7.7. It is, therefore, affected by
multiple vulnerabilities:

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS
    16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel
    privileges (CVE-2023-28181)

  - This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3. A sandboxed app
    may be able to collect system logs (CVE-2023-27945)

  - A privacy issue was addressed with improved private data redaction for log entries. (CVE-2023-32388,
    CVE-2023-32392)

  - This issue was addressed with improved redaction of sensitive information. (CVE-2023-28191)

  - This issue was addressed with improved entitlements. (CVE-2023-32411)

  - A buffer overflow was addressed with improved bounds checking. (CVE-2023-32384)

  - An out-of-bounds read was addressed with improved input validation. (CVE-2023-32410)

  - A use-after-free issue was addressed with improved memory management. (CVE-2023-32398, CVE-2023-32412)

  - A logic issue was addressed with improved checks. (CVE-2023-32352)

  - A logic issue was addressed with improved state management. (CVE-2023-32397, CVE-2023-32407)

  - This issue was addressed with improved redaction of sensitive information. (CVE-2023-32403)

  - An authorization issue was addressed with improved state management. (CVE-2023-32357)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported
version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT213760");
  script_set_attribute(attribute:"solution", value:
"Upgrade to macOS 11.7.7 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-32412");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_ports("Host/MacOSX/Version", "Host/local_checks_enabled", "Host/MacOSX/packages/boms");

  exit(0);
}

include('vcf.inc');
include('vcf_extras_apple.inc');

var app_info = vcf::apple::macos::get_app_info();

var constraints = [
  { 'fixed_version' : '11.7.7', 'min_version' : '11.0', 'fixed_display' : 'macOS Big Sur 11.7.7' }
];

vcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x
applemacoscpe:/o:apple:macos

References

Related

apple 13
openvas 12
nessus 32
cvelist 25
prion 25
zdi 2
cve 25
talos 1
malwarebytes 1
amazon 2
osv 7
oraclelinux 3
redhat 15
ibm 6
almalinux 2
ubuntucve 1
ubuntu 2
redhatcve 1
debiancve 1
centos 1
rocky 2
mssecure 2
mageia 1
debian 1
thn 1
mmpc 1
talosblog 1
hp 1
apple
apple
About the security content of macOS Big Sur 11.7.7
2023-05-18 00:00:00
About the security content of macOS Monterey 12.6.6
2023-05-18 00:00:00
About the security content of iOS 15.7.6 and iPadOS 15.7.6
2023-05-18 00:00:00
openvas
openvas
Apple Mac OS X Security Update (HT213760)
2023-05-22 00:00:00
Apple Mac OS X Security Update (HT213759)
2023-05-22 00:00:00
Apple Mac OS X Security Update (HT213758)
2023-05-22 00:00:00
nessus
nessus
macOS 12.x < 12.6.6 Multiple Vulnerabilities (HT213759)
2023-05-18 00:00:00
macOS 13.x < 13.4 Multiple Vulnerabilities (HT213758)
2023-05-18 00:00:00
Apple iOS < 16.5 Multiple Vulnerabilities (HT213757)
2023-05-23 00:00:00
cvelist
cvelist
CVE-2023-32369
2023-06-23 00:00:00
CVE-2023-32410
2023-06-23 00:00:00
CVE-2023-32382
2023-06-23 00:00:00
prion
prion
Design/Logic Flaw
2023-06-23 18:15:00
Design/Logic Flaw
2023-06-23 18:15:00
Authentication flaw
2023-06-23 18:15:00
zdi
zdi
(Pwn2Own) Apple macOS /dev/fd Race Condition Local Privilege Escalation Vulnerability
2023-06-08 00:00:00
Apple macOS ImageIO EXR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2023-08-25 00:00:00
cve
cve
CVE-2023-32398
2023-06-23 18:15:12
CVE-2023-32395
2023-06-23 18:15:12
CVE-2023-32410
2023-06-23 18:15:13
talos
talos
Apple DCERPC association groups use-after-free vulnerability
2023-07-13 00:00:00
malwarebytes
malwarebytes
Microsoft gives Apple a migraine
2023-05-31 23:45:00
amazon
amazon
Medium: cups
2023-09-13 23:15:00
Medium: cups
2023-08-31 22:28:00
osv
osv
Important: cups security update
2023-08-29 00:00:00
Important: cups security update
2023-08-31 16:55:50
Important: cups security update
2023-08-29 00:00:00
oraclelinux
oraclelinux
cups security update
2023-08-29 00:00:00
cups security update
2023-08-30 00:00:00
cups security update
2023-08-29 00:00:00
redhat
redhat
(RHSA-2023:4771) Important: cups security update
2023-08-28 12:46:23
(RHSA-2023:4864) Important: cups security update
2023-08-29 17:44:57
(RHSA-2023:4838) Important: cups security update
2023-08-29 11:52:04
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information disclosure in Apple macOS Big Sur [CVE-2023-32360]
2023-11-30 18:55:21
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
2024-01-12 19:00:36
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-02-14 19:15:02
almalinux
almalinux
Important: cups security update
2023-08-29 00:00:00
Important: cups security update
2023-08-29 00:00:00
ubuntucve
ubuntucve
CVE-2023-32360
2023-06-23 00:00:00
ubuntu
ubuntu
CUPS vulnerability
2023-09-26 00:00:00
CUPS vulnerability
2023-09-12 00:00:00
redhatcve
redhatcve
CVE-2023-32360
2023-08-16 16:49:03
debiancve
debiancve
CVE-2023-32360
2023-06-23 18:15:11
centos
centos
cups security update
2024-01-12 19:25:19
rocky
rocky
cups security update
2023-08-31 16:55:08
cups security update
2023-08-31 16:55:50
mssecure
mssecure
New macOS vulnerability, Migraine, could bypass System Integrity Protection
2023-05-30 16:00:00
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00
mageia
mageia
Updated cups packages fix security vulnerabilities
2023-10-10 20:21:41
debian
debian
[SECURITY] [DLA 3594-1] cups security update
2023-09-30 17:30:31
thn
thn
Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
2023-05-31 11:57:00
mmpc
mmpc
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00
talosblog
talosblog
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
2023-07-13 16:00:21
hp
hp
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
JSON
Related for MACOS_HT213760.NASL
apple13openvas12nessus32cvelist25prion25zdi2cve25talos1malwarebytes1amazon2osv7oraclelinux3redhat15ibm6almalinux2ubuntucve1ubuntu2redhatcve1debiancve1centos1rocky2mssecure2mageia1debian1thn1mmpc1talosblog1hp1