Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2022 Greenbone AGOPENVAS:1361412562310821282
HistoryAug 04, 2022 - 12:00 a.m.

Apple Mac OS X Security Update (HT209139)

2022-08-0400:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON

Apple Mac OS X is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.821282");
  script_version("2024-02-09T14:47:30+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2015-3194", "CVE-2015-5333", "CVE-2015-5334", "CVE-2016-0702",
                "CVE-2016-1777", "CVE-2017-12613", "CVE-2017-12618", "CVE-2017-5731",
                "CVE-2017-5732", "CVE-2017-5733", "CVE-2017-5734", "CVE-2017-5735",
                "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-4126", "CVE-2018-4153",
                "CVE-2018-4203", "CVE-2018-4295", "CVE-2018-4296", "CVE-2018-4304",
                "CVE-2018-4308", "CVE-2018-4310", "CVE-2018-4321", "CVE-2018-4324",
                "CVE-2018-4326", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-4333",
                "CVE-2018-4334", "CVE-2018-4336", "CVE-2018-4337", "CVE-2018-4338",
                "CVE-2018-4340", "CVE-2018-4341", "CVE-2018-4343", "CVE-2018-4344",
                "CVE-2018-4346", "CVE-2018-4347", "CVE-2018-4348", "CVE-2018-4350",
                "CVE-2018-4351", "CVE-2018-4353", "CVE-2018-4354", "CVE-2018-4355",
                "CVE-2018-4383", "CVE-2018-4393", "CVE-2018-4395", "CVE-2018-4396",
                "CVE-2018-4399", "CVE-2018-4401", "CVE-2018-4406", "CVE-2018-4407",
                "CVE-2018-4408", "CVE-2018-4411", "CVE-2018-4412", "CVE-2018-4414",
                "CVE-2018-4417", "CVE-2018-4418", "CVE-2018-4425", "CVE-2018-4426",
                "CVE-2018-4433", "CVE-2018-4451", "CVE-2018-4456", "CVE-2018-5383",
                "CVE-2019-8643");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-09 14:47:30 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-10-03 00:03:00 +0000 (Thu, 03 Oct 2019)");
  script_tag(name:"creation_date", value:"2022-08-04 16:15:17 +0530 (Thu, 04 Aug 2022)");
  script_name("Apple Mac OS X Security Update (HT209139)");

  script_tag(name:"summary", value:"Apple Mac OS X is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - Multiple input validation errors.

  - Multiple memory corruption issues.

  - An improper state management.");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers
  to execute arbitrary code, elevate privileges, disclose sensitive information
  and cause denial of service.");

  script_tag(name:"affected", value:"Apple Mac OS X versions prior to macOS Mojave 10.14.");

  script_tag(name:"solution", value:"Upgrade to Apple Mac OS X 10.14 or
  later. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");
  script_xref(name:"URL", value:"https://support.apple.com/en-us/HT209139");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mac OS X Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version");
  exit(0);
}
include("version_func.inc");
include("ssh_func.inc");

osName = get_kb_item("ssh/login/osx_name");
if(!osName)
  exit (0);

osVer = get_kb_item("ssh/login/osx_version");
if(!osVer || "Mac OS X" >!< osName)
  exit(0);

if(version_is_less(version:osVer, test_version:"10.14")) {
  report = report_fixed_ver(installed_version:osVer, fixed_version:"10.14");
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

nessus 49
apple 10
openvas 32
suse 3
ibm 11
securityvulns 2
freebsd 2
centos 1
talos 1
fedora 3
amazon 2
redhat 3
oraclelinux 4
talosblog 1
cloudfoundry 1
ubuntu 2
osv 3
prion 23
ubuntucve 1
debian 2
redhatcve 4
archlinux 2
cve 27
debiancve 2
mageia 1
zdi 4
zdt 1
cbl_mariner 1
openssl 1
nessus
nessus
macOS < 10.14 Multiple Vulnerabilities
2018-10-18 00:00:00
macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)
2018-10-31 00:00:00
SUSE SLES12 Security Update : ovmf (SUSE-SU-2018:4207-1)
2018-12-21 00:00:00
apple
apple
About the security content of macOS Mojave 10.14 - Apple Support
2020-02-04 05:12:57
About the security content of macOS Mojave 10.14
2018-09-24 00:00:00
About the security content of watchOS 5
2018-09-17 00:00:00
openvas
openvas
Apple Mac OS X Security Updates (HT209193)-06
2018-11-02 00:00:00
Apple Mac OS X Security Updates (HT209193)-05
2018-11-02 00:00:00
openSUSE: Security Advisory for ovmf (openSUSE-SU-2018:4240-1)
2018-12-23 00:00:00
suse
suse
Security update for ovmf (moderate)
2018-12-22 18:17:24
Security update for ovmf (moderate)
2018-12-22 18:09:42
Security update to ucode-intel (important)
2018-08-17 12:10:34
ibm
ibm
Security Bulletin: Vulnerabilities CVE-2017-12613 and CVE-2017-12618 in the IBM i HTTP Server affect IBM i.
2019-12-18 14:26:38
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience (CVE-2015-1794, CVE-2015-3194, CVE-2016-0702)
2018-06-16 20:00:23
Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities
2018-07-19 08:32:37
securityvulns
securityvulns
LibreSSL security vulnerabilities
2015-10-19 00:00:00
Qualys Security Advisory - LibreSSL &#40;CVE-2015-5333 and CVE-2015-5334&#41;
2015-10-19 00:00:00
freebsd
freebsd
LibreSSL -- Memory leak and buffer overflow
2015-10-15 00:00:00
libressl -- NULL pointer dereference
2015-12-03 00:00:00
centos
centos
OVMF security update
2019-08-30 03:50:09
talos
talos
Apple IntelHD5000 Graphics Delete Resource Privilege Escalation Vulnerability
2019-01-03 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: edk2-20190308stable-1.fc29
2019-04-03 03:31:40
[SECURITY] Fedora 30 Update: edk2-20190308stable-1.fc30
2019-03-31 00:05:59
[SECURITY] Fedora 26 Update: apr-util-1.5.4-6.fc26
2017-11-15 20:21:54
amazon
amazon
Important: edk2
2019-08-23 03:26:00
Medium: apr-util
2017-12-05 21:59:00
redhat
redhat
(RHSA-2019:2125) Moderate: ovmf security and enhancement update
2019-08-06 08:03:42
(RHSA-2018:2396) Important: kernel-rt security and bug fix update
2018-08-14 19:27:26
(RHSA-2018:2387) Important: kernel security and bug fix update
2018-08-14 18:50:34
oraclelinux
oraclelinux
edk2 security update
2019-06-06 00:00:00
ovmf security and enhancement update
2019-08-13 00:00:00
edk2 security update
2019-09-13 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Multiple Apple IntelHD5000 privilege escalation vulnerabilities
2019-01-08 10:00:00
cloudfoundry
cloudfoundry
USN-3756-1: Intel Microcode vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
ubuntu
ubuntu
Intel Microcode vulnerabilities
2018-08-27 00:00:00
APR-util vulnerability
2022-11-23 00:00:00
osv
osv
apr-util - security update
2017-11-06 00:00:00
apr-util vulnerability
2022-11-23 10:09:39
apr - security update
2022-01-24 00:00:00
prion
prion
Out-of-bounds
2017-10-24 01:29:00
Memory corruption
2019-04-03 18:29:00
Input validation
2019-04-03 18:29:00
ubuntucve
ubuntucve
CVE-2017-12618
2017-10-24 00:00:00
debian
debian
[SECURITY] [DLA 1163-1] apr-util security update
2017-11-06 21:39:07
[SECURITY] [DLA 2897-1] apr security update
2022-01-24 22:36:03
redhatcve
redhatcve
CVE-2017-12618
2017-10-26 09:48:57
CVE-2017-5735
2018-10-22 06:51:23
CVE-2017-12613
2019-10-07 03:05:29
archlinux
archlinux
[ASA-201710-33] apr-util: denial of service
2017-10-27 00:00:00
[ASA-201710-32] apr: information disclosure
2017-10-27 00:00:00
cve
cve
CVE-2017-12618
2017-10-24 01:29:00
CVE-2018-4383
2019-04-03 18:29:00
CVE-2018-4426
2019-04-03 18:29:00
debiancve
debiancve
CVE-2017-12618
2017-10-24 01:29:00
CVE-2017-12613
2017-10-24 01:29:00
mageia
mageia
Updated apr-util packages fix security vulnerability
2017-11-27 00:18:31
zdi
zdi
Apple macOS AppleGPUWrangler Logging Uninitialized Memory Information Disclosure Vulnerability
2018-10-30 00:00:00
Apple macOS NECP Control Socket Type Confusion Privilege Escalation Vulnerability
2018-10-30 00:00:00
Apple macOS nsurlstoraged Out-Of-Bounds Read Information Disclosure Vulnerability
2018-11-05 00:00:00
zdt
zdt
XNU Kernel iOS / macOS heap buffer overflow Exploit
2018-11-06 00:00:00
cbl_mariner
cbl_mariner
CVE-2017-12613 affecting package apr for versions less than 1.6.3-1
2024-05-03 09:06:27
openssl
openssl
Vulnerability in OpenSSL CVE-2015-3194
2015-12-03 00:00:00

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON
Related for OPENVAS:1361412562310821282
nessus49apple10openvas32suse3ibm11securityvulns2freebsd2centos1talos1fedora3amazon2redhat3oraclelinux4talosblog1cloudfoundry1ubuntu2osv3prion23ubuntucve1debian2redhatcve4archlinux2cve27debiancve2mageia1zdi4zdt1cbl_mariner1openssl1