Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2019 Greenbone AGOPENVAS:1361412562310814888
HistoryMay 14, 2019 - 12:00 a.m.

Apple Mac OS X Security Updates (HT210119) - 02

2019-05-1400:00:00
Copyright (C) 2019 Greenbone AG
plugins.openvas.org
44

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

71.6%

JSON

Apple Mac OS X is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2019 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.814888");
  script_version("2024-02-09T14:47:30+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2019-8603", "CVE-2019-8560", "CVE-2019-8604", "CVE-2019-8574",
                "CVE-2019-8591", "CVE-2019-8590", "CVE-2019-8592");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-09 14:47:30 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-08-24 17:37:00 +0000 (Mon, 24 Aug 2020)");
  script_tag(name:"creation_date", value:"2019-05-14 10:43:13 +0530 (Tue, 14 May 2019)");
  script_name("Apple Mac OS X Security Updates (HT210119) - 02");

  script_tag(name:"summary", value:"Apple Mac OS X is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to

  - A validation issue with improper input sanitization.

  - A use after free issue with improper memory management.

  - A memory corruption issue with improper memory handling.

  - A type confusion issue with improper memory handling.

  - A logic issue with improper restrictions.");

  script_tag(name:"impact", value:"Successful exploitation of this vulnerability
  will allow remote attackers to read restricted memory, execute arbitrary code with
  system privileges, cause system termination or write to the kernel memory.");

  script_tag(name:"affected", value:"Apple Mac OS X versions,
  10.12.x through 10.12.6, 10.13.x through 10.13.6, 10.14.x through 10.14.4.");

  script_tag(name:"solution", value:"Upgrade to Apple Mac OS X 10.12.6
  build 16G2016, or 10.13.6 build 17G7024 or 10.14.5 or later. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");
  script_xref(name:"URL", value:"https://support.apple.com/en-us/HT210119");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2019 Greenbone AG");
  script_family("Mac OS X Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version", re:"ssh/login/osx_version=^10\.1[2-4]\.");

  exit(0);
}
include("version_func.inc");
include("ssh_func.inc");

osName = get_kb_item("ssh/login/osx_name");
if(!osName){
  exit(0);
}

osVer = get_kb_item("ssh/login/osx_version");
if(!osVer|| osVer !~ "^10\.1[2-4]\."|| "Mac OS X" >!< osName){
  exit(0);
}

buildVer = get_kb_item("ssh/login/osx_build");

if(osVer =~ "^10\.12")
{
  if(version_in_range(version:osVer, test_version:"10.12", test_version2:"10.12.5")){
    fix = "Upgrade to latest OS release and apply patch from vendor";
  }

  else if(osVer == "10.12.6")
  {
    if(osVer == "10.12.6" && version_is_less(version:buildVer, test_version:"16G2016"))
    {
      fix = "Apply patch from vendor";
      osVer = osVer + " Build " + buildVer;
    }
  }
}

if(osVer =~ "^10\.13")
{
  if(version_in_range(version:osVer, test_version:"10.13", test_version2:"10.13.5")){
    fix = "Upgrade to latest OS release and apply patch from vendor";
  }

  else if(osVer == "10.13.6")
  {
    if(osVer == "10.13.6" && version_is_less(version:buildVer, test_version:"17G7024"))
    {
      fix = "Apply patch from vendor";
      osVer = osVer + " Build " + buildVer;
    }
  }
}

else if(osVer == "10.14.4"){
  fix = "10.14.5";
}

if(fix)
{
  report = report_fixed_ver(installed_version:osVer, fixed_version:fix);
  security_message(data:report);
  exit(0);
}
exit(99);

Related

prion 7
zdt 1
cvelist 7
nvd 7
cve 7
zdi 4
githubexploit 1
myhack58 1
nessus 8
apple 16
threatpost 1
openvas 2
prion
prion
Type confusion
2019-12-18 18:15:00
Cross site scripting
2019-12-18 18:15:00
Code injection
2019-12-18 18:15:00
zdt
zdt
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl Exploit
2019-05-21 00:00:00
cvelist
cvelist
CVE-2019-8590
2019-12-18 17:33:17
CVE-2019-8560
2019-12-18 17:33:18
CVE-2019-8591
2019-12-18 17:33:18
nvd
nvd
CVE-2019-8560
2019-12-18 18:15:26
CVE-2019-8591
2019-12-18 18:15:27
CVE-2019-8590
2019-12-18 18:15:27
cve
cve
CVE-2019-8560
2019-12-18 18:15:26
CVE-2019-8603
2019-12-18 18:15:28
CVE-2019-8591
2019-12-18 18:15:27
zdi
zdi
Apple macOS AudioCodecs Out-Of-Bounds Write Remote Code Execution Vulnerability
2019-10-25 00:00:00
Apple macOS AudioCodecs Memory Corruption Information Disclosure Vulnerability
2019-07-22 00:00:00
Apple Safari cfAttributedStringUnserialize Out-Of-Bounds Read Remote Code Execution Vulnerability
2019-05-30 00:00:00
githubexploit
githubexploit
Exploit for Type Confusion in Apple Iphone Os
2020-01-20 00:33:37
myhack58
myhack58
CVE-2019-8603: Safari sandbox escape&LPE in-depth analysis-vulnerability warning-the black bar safety net
2019-06-03 00:00:00
nessus
nessus
macOS 10.x < 10.14.5 Multiple Vulnerabilities (APPLE-SA-2019-05-09)
2019-05-16 00:00:00
macOS 10.14.x < 10.14.5 Multiple Vulnerabilities
2019-05-15 00:00:00
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-003)
2019-05-15 00:00:00
apple
apple
About the security content of watchOS 5.2.1 - Apple Support
2020-07-27 08:19:16
About the security content of watchOS 5.2.1
2019-05-13 00:00:00
About the security content of macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra - Apple Support
2019-10-09 01:52:48
threatpost
threatpost
Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More
2019-05-14 20:31:36
openvas
openvas
Apple Mac OS X Security Updates (HT210722)-02
2019-10-30 00:00:00
Apple Mac OS X Security Update (HT210634)
2023-01-10 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

71.6%

JSON
Related for OPENVAS:1361412562310814888
prion7zdt1cvelist7nvd7cve7zdi4githubexploit1myhack581nessus8apple16threatpost1openvas2