Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2019 Greenbone AGOPENVAS:1361412562310814888
HistoryMay 14, 2019 - 12:00 a.m.

Apple Mac OS X Security Updates (HT210119) - 02

2019-05-1400:00:00
Copyright (C) 2019 Greenbone AG
plugins.openvas.org
40

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.1%

JSON

Apple Mac OS X is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2019 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.814888");
  script_version("2024-02-09T14:47:30+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2019-8603", "CVE-2019-8560", "CVE-2019-8604", "CVE-2019-8574",
                "CVE-2019-8591", "CVE-2019-8590", "CVE-2019-8592");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-09 14:47:30 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-08-24 17:37:00 +0000 (Mon, 24 Aug 2020)");
  script_tag(name:"creation_date", value:"2019-05-14 10:43:13 +0530 (Tue, 14 May 2019)");
  script_name("Apple Mac OS X Security Updates (HT210119) - 02");

  script_tag(name:"summary", value:"Apple Mac OS X is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to

  - A validation issue with improper input sanitization.

  - A use after free issue with improper memory management.

  - A memory corruption issue with improper memory handling.

  - A type confusion issue with improper memory handling.

  - A logic issue with improper restrictions.");

  script_tag(name:"impact", value:"Successful exploitation of this vulnerability
  will allow remote attackers to read restricted memory, execute arbitrary code with
  system privileges, cause system termination or write to the kernel memory.");

  script_tag(name:"affected", value:"Apple Mac OS X versions,
  10.12.x through 10.12.6, 10.13.x through 10.13.6, 10.14.x through 10.14.4.");

  script_tag(name:"solution", value:"Upgrade to Apple Mac OS X 10.12.6
  build 16G2016, or 10.13.6 build 17G7024 or 10.14.5 or later. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");
  script_xref(name:"URL", value:"https://support.apple.com/en-us/HT210119");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2019 Greenbone AG");
  script_family("Mac OS X Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version", re:"ssh/login/osx_version=^10\.1[2-4]\.");

  exit(0);
}
include("version_func.inc");
include("ssh_func.inc");

osName = get_kb_item("ssh/login/osx_name");
if(!osName){
  exit(0);
}

osVer = get_kb_item("ssh/login/osx_version");
if(!osVer|| osVer !~ "^10\.1[2-4]\."|| "Mac OS X" >!< osName){
  exit(0);
}

buildVer = get_kb_item("ssh/login/osx_build");

if(osVer =~ "^10\.12")
{
  if(version_in_range(version:osVer, test_version:"10.12", test_version2:"10.12.5")){
    fix = "Upgrade to latest OS release and apply patch from vendor";
  }

  else if(osVer == "10.12.6")
  {
    if(osVer == "10.12.6" && version_is_less(version:buildVer, test_version:"16G2016"))
    {
      fix = "Apply patch from vendor";
      osVer = osVer + " Build " + buildVer;
    }
  }
}

if(osVer =~ "^10\.13")
{
  if(version_in_range(version:osVer, test_version:"10.13", test_version2:"10.13.5")){
    fix = "Upgrade to latest OS release and apply patch from vendor";
  }

  else if(osVer == "10.13.6")
  {
    if(osVer == "10.13.6" && version_is_less(version:buildVer, test_version:"17G7024"))
    {
      fix = "Apply patch from vendor";
      osVer = osVer + " Build " + buildVer;
    }
  }
}

else if(osVer == "10.14.4"){
  fix = "10.14.5";
}

if(fix)
{
  report = report_fixed_ver(installed_version:osVer, fixed_version:fix);
  security_message(data:report);
  exit(0);
}
exit(99);

Related

prion 7
zdt 1
zdi 4
cve 7
githubexploit 1
myhack58 1
nessus 8
apple 16
threatpost 1
openvas 2
prion
prion
Input validation
2019-12-18 18:15:00
Type confusion
2019-12-18 18:15:00
Code injection
2019-12-18 18:15:00
zdt
zdt
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl Exploit
2019-05-21 00:00:00
zdi
zdi
Apple Safari cfAttributedStringUnserialize Out-Of-Bounds Read Remote Code Execution Vulnerability
2019-05-30 00:00:00
Apple macOS securityd Heap-based Buffer Overflow Sandbox Escape Vulnerability
2019-08-27 00:00:00
Apple macOS AudioCodecs Memory Corruption Information Disclosure Vulnerability
2019-07-22 00:00:00
cve
cve
CVE-2019-8590
2019-12-18 18:15:00
CVE-2019-8591
2019-12-18 18:15:00
CVE-2019-8603
2019-12-18 18:15:00
githubexploit
githubexploit
Exploit for Type Confusion in Apple Iphone Os
2020-01-20 00:33:37
myhack58
myhack58
CVE-2019-8603: Safari sandbox escape&LPE in-depth analysis-vulnerability warning-the black bar safety net
2019-06-03 00:00:00
nessus
nessus
macOS 10.14.x < 10.14.5 Multiple Vulnerabilities
2019-05-15 00:00:00
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-003)
2019-05-15 00:00:00
macOS 10.x < 10.14.5 Multiple Vulnerabilities (APPLE-SA-2019-05-09)
2019-05-16 00:00:00
apple
apple
About the security content of watchOS 5.2.1 - Apple Support
2020-07-27 08:19:16
About the security content of watchOS 5.2.1
2019-05-13 00:00:00
About the security content of macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra - Apple Support
2019-10-09 01:52:48
threatpost
threatpost
Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More
2019-05-14 20:31:36
openvas
openvas
Apple Mac OS X Security Updates (HT210722)-02
2019-10-30 00:00:00
Apple Mac OS X Security Update (HT210634)
2023-01-10 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.1%

JSON
Related for OPENVAS:1361412562310814888
prion7zdt1zdi4cve7githubexploit1myhack581nessus8apple16threatpost1openvas2