DATABASE RESOURCES PRICING ABOUT US

{"id": "THN:080F85D43290560CDED8F282EE277B00", "vendorId": null, "type": "thn", "bulletinFamily": "info", "title": "Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices", "description": "[](<https://thehackernews.com/images/-b6kGmU8c6Gc/YP-1oely-GI/AAAAAAAADV0/MURJ7OCSDsoeAi2sHU_Bb2cqNT4e2C-qACLcBGAsYHQ/s0/apple-iphone-hacking.jpg>)\n\nApple on Monday rolled out an urgent security update for [iOS, iPadOS](<https://support.apple.com/en-us/HT212622>), and [macOS](<https://support.apple.com/en-us/HT212623>) to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year.\n\nThe updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fixes a memory corruption issue (**CVE-2021-30807**) in the IOMobileFrameBuffer component, a kernel extension for managing the screen [framebuffer](<https://en.wikipedia.org/wiki/Framebuffer>), that could be abused to execute arbitrary code with kernel privileges.\n\nThe company said it addressed the issue with improved memory handling, noting it's \"aware of a report that this issue may have been actively exploited.\" As is typically the case, additional details about the flaw have not been disclosed to prevent the weaponization of the vulnerability for additional attacks. Apple credited an anonymous researcher for discovering and reporting the vulnerability.\n\nThe timing of the update also raises questions about whether the zero-day had any role in compromising iPhones using NSO Group's [Pegasus software](<https://forbiddenstories.org/case/the-pegasus-project/>), which has become the focus of a series of [investigative reports](<https://thehackernews.com/2021/07/new-leak-reveals-abuse-of-pegasus.html>) that have exposed how the spyware tool turned mobile phones of journalists, human rights activists, and others into portable surveillance devices, granting complete access to sensitive information stored in them.\n\nCVE-2021-30807 is also the thirteenth zero-day vulnerability addressed by Apple this year alone, including \u2014\n\n * [CVE-2021-1782](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (Kernel) - A malicious application may be able to elevate privileges\n * [CVE-2021-1870](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [CVE-2021-1871](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [CVE-2021-1879](<https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html>) (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting\n * [CVE-2021-30657](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (System Preferences) - A malicious application may bypass Gatekeeper checks\n * [CVE-2021-30661](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [CVE-2021-30663](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [CVE-2021-30665](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [CVE-2021-30666](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [CVE-2021-30713](<https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html>) (TCC framework) - A malicious application may be able to bypass Privacy preferences\n * [CVE-2021-30761](<https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [CVE-2021-30762](<https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n\nGiven the [public availability](<https://twitter.com/b1n4r1b01/status/1419734027565617165>) of a proof-of-concept (PoC) exploit, it's highly recommended that users move quickly to update their devices to the latest version to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-07-27T07:28:00", "modified": "2021-07-27T11:14:04", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/07/apple-releases-urgent-0-day-bug-patch.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807"], "immutableFields": [], "lastseen": "2022-05-09T12:39:18", "viewCount": 238, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4381"]}, {"type": "apple", "idList": ["APPLE:00E9E67FD5A811CCF44971943EC8B5C3", "APPLE:0F898F86D77B1E8D84FF7B933794464E", "APPLE:2A32C0762786DF36357D645066CDC600", "APPLE:341D114D330F307514C2721DBB8BFACA", "APPLE:48BC28AAD9E0029F9CF17E3ED0A5F181", "APPLE:4E4515CD7FD997AA98D94164483D0679", "APPLE:52D5DC71EAE54F6DF0EA591406E6C671", "APPLE:60998B3B940109A56BF6379394ED5080", "APPLE:63DD59AAEDECD46C156A7668A930E353", "APPLE:6F6ABDDC9804AE7A4086CB77C2D1EF4A", "APPLE:72B0255E1DE0446B228B5371EDD14ACD", "APPLE:73550C0E0CC4D3E6D5DC38456DA89443", "APPLE:7BA0021A4788FB7533B47DE574B071E4", "APPLE:852BF4CFEE89DF537390F83B28A0C41D", "APPLE:A1AFADAD90CEC763DFDCC59E95E6D673", "APPLE:A5EDA5FE2364D1FB5D577BC8C126D6E5", "APPLE:B08BBADEFC88806E12CB234F1EB6C4C6", "APPLE:B42E67860AD9D9F5B9307A29A1189DF0", "APPLE:B69E745380EF6BD25EB61E697869CC84", "APPLE:B804E3A70EFCA1DE30511F9CD20F227C", "APPLE:CA6473609072D4746735999863BFAC33", "APPLE:CABE34499864F4FA47751E5A9FCC58AC", "APPLE:D1804CFB5985973BEAA4CE367152D5F6", "APPLE:DBD69E61128BB8DB328ED63A78371D07", "APPLE:F7DADB3E958148A6B63512580383CEA2", "APPLE:F8BE10D8CFAE590690202C33D00B6E6B", "APPLE:HT212146", "APPLE:HT212147", "APPLE:HT212148", "APPLE:HT212149"]}, {"type": "archlinux", "idList": ["ASA-202103-24", "ASA-202103-25", "ASA-202107-67", "ASA-202107-68"]}, {"type": "attackerkb", "idList": ["AKB:13D7A136-347D-489A-908C-898F80E4B285", "AKB:15A288E1-FB97-49D8-B8D3-66504415C107", "AKB:183D8BB0-8586-4082-B243-93481A8DD739", "AKB:29A92D92-7F52-42AF-809D-8666D33E0DF2", "AKB:4324FF7F-3A87-4B49-8D0A-C475F54F194F", "AKB:4380F669-F62A-4ECB-9878-4CE783308630", "AKB:61DB1B67-FFE2-4A84-8445-DD1303479F56", "AKB:623B1BA8-5058-447C-A596-8E19F76075E6", "AKB:673C0F46-250F-49D1-B228-00771E15172B", "AKB:B7E55568-7DDB-4883-8CA4-2D0B592F4D60", "AKB:D8802B97-577F-4D1B-BA3C-1D6D3EBB2FF2", "AKB:F8C5CED8-6CD4-4034-ADE0-2B754D84500D", "AKB:FF274F38-9A0C-47ED-97B9-57C114AB1511"]}, {"type": "centos", "idList": ["CESA-2020:4035"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0374", "CPAI-2021-0481"]}, {"type": "cve", "idList": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4877-1:61845", "DEBIAN:DSA-4877-1:95C13", "DEBIAN:DSA-4923-1:EA1C3", "DEBIAN:DSA-4945-1:08051"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-1870", "DEBIANCVE:CVE-2021-1871", "DEBIANCVE:CVE-2021-30661", "DEBIANCVE:CVE-2021-30663", "DEBIANCVE:CVE-2021-30665", "DEBIANCVE:CVE-2021-30666", "DEBIANCVE:CVE-2021-30761", "DEBIANCVE:CVE-2021-30762"]}, {"type": "fedora", "idList": ["FEDORA:40E0330A072B", "FEDORA:7879F312EC5F", "FEDORA:7E63530C02C9", "FEDORA:8A032304C446", "FEDORA:997C53060987"]}, {"type": "gentoo", "idList": ["GLSA-202104-03", "GLSA-202202-01"]}, {"type": "githubexploit", "idList": ["285A3734-8E7C-544D-B792-62E544C8ECE8", "374D00E3-03E0-5580-9CDF-C7CCABB45C2F", "9FA3EE1C-FBEF-5EC4-A060-8046BC66B6B5"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:1018F8694CC71D28EAB1260365FF3821", "GOOGLEPROJECTZERO:9451D3A58B2FB50EEDDD4A74CE240CDE", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "ibm", "idList": ["6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85"]}, {"type": "kitploit", "idList": ["KITPLOIT:8409423888936671546"]}, {"type": "mageia", "idList": ["MGASA-2021-0181", "MGASA-2021-0400"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:11D4071979D3FC1E6028AA8D71EB87F4", "MALWAREBYTES:C265FF6D1D82CDE3FB6E6C1E4248A791", "MALWAREBYTES:D94336E4CB7536CC9CECC8C6FF696A77", "MALWAREBYTES:D9516FC71F8DBF10DCC510845A7FBC9E", "MALWAREBYTES:F17E033D182A0D3753BC7398874F60EE"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-OSX-BROWSER-OSX_GATEKEEPER_BYPASS-"]}, {"type": "mmpc", "idList": ["MMPC:103E36516D8F01093A2395B683168A00", "MMPC:6A79615935EB4546087AB44569C7B207"]}, {"type": "mssecure", "idList": ["MSSECURE:103E36516D8F01093A2395B683168A00", "MSSECURE:6A79615935EB4546087AB44569C7B207"]}, {"type": "nessus", "idList": ["701344.PASL", "ALMA_LINUX_ALSA-2020-4451.NASL", "ALMA_LINUX_ALSA-2021-1586.NASL", "ALMA_LINUX_ALSA-2021-4381.NASL", "APPLETV_14_6.NASL", "APPLE_IOS_1252_CHECK.NBIN", "APPLE_IOS_1253_CHECK.NBIN", "APPLE_IOS_1254_CHECK.NBIN", "APPLE_IOS_1442_CHECK.NBIN", "APPLE_IOS_144_CHECK.NBIN", "APPLE_IOS_1451_CHECK.NBIN", "APPLE_IOS_145_CHECK.NBIN", "APPLE_IOS_1471_CHECK.NBIN", "CENTOS8_RHSA-2021-4381.NASL", "DEBIAN_DSA-4877.NASL", "DEBIAN_DSA-4923.NASL", "DEBIAN_DSA-4945.NASL", "FEDORA_2021-619711D709.NASL", "FEDORA_2021-864DC37032.NASL", "GENTOO_GLSA-202104-03.NASL", "GENTOO_GLSA-202202-01.NASL", "MACOS_HT212147.NASL", "MACOS_HT212325.NASL", "MACOS_HT212326.NASL", "MACOS_HT212335.NASL", "MACOS_HT212529.NASL", "MACOS_HT212622.NASL", "MACOS_HT212805.NASL", "NEWSTART_CGSL_NS-SA-2021-0166_WEBKITGTK4.NASL", "NEWSTART_CGSL_NS-SA-2022-0048_WEBKIT2GTK3.NASL", "OPENSUSE-2021-1101.NASL", "OPENSUSE-2021-2598.NASL", "OPENSUSE-2021-637.NASL", "OPENSUSE-2022-0182-1.NASL", "ORACLELINUX_ELSA-2021-4381.NASL", "REDHAT-RHSA-2020-4035.NASL", "REDHAT-RHSA-2020-4451.NASL", "REDHAT-RHSA-2021-1586.NASL", "REDHAT-RHSA-2021-4381.NASL", "ROCKY_LINUX_RLSA-2021-1586.NASL", "ROCKY_LINUX_RLSA-2021-4381.NASL", "SUSE_SU-2021-1430-1.NASL", "SUSE_SU-2021-1499-1.NASL", "SUSE_SU-2021-1990-1.NASL", "SUSE_SU-2021-2598-1.NASL", "SUSE_SU-2021-2600-1.NASL", "SUSE_SU-2021-2762-1.NASL", "SUSE_SU-2022-0142-1.NASL", "SUSE_SU-2022-0182-1.NASL", "SUSE_SU-2022-0182-2.NASL", "SUSE_SU-2022-0183-1.NASL", "UBUNTU_USN-4894-1.NASL", "UBUNTU_USN-4939-1.NASL", "UBUNTU_USN-5024-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-4381"]}, {"type": "osv", "idList": ["OSV:DSA-4558-1", "OSV:DSA-4681-1", "OSV:DSA-4797-1", "OSV:DSA-4877-1", "OSV:DSA-4923-1", "OSV:DSA-4945-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162504"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5101CC734C1A900451E5994AFF57209A", "QUALYSBLOG:70AF718BCABA36D5847184CA639B55C9", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "QUALYSBLOG:F55CD820063DB6DC3B7A1C8CAE16FC6B"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:830105C5509FB1C4D38B114EDD71298E"]}, {"type": "redhat", "idList": ["RHSA-2020:4035", "RHSA-2020:4451", "RHSA-2021:1586", "RHSA-2021:4381", "RHSA-2022:0056", "RHSA-2022:0202", "RHSA-2022:5924"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-1870", "RH:CVE-2021-1871", "RH:CVE-2021-30661", "RH:CVE-2021-30663", "RH:CVE-2021-30665", "RH:CVE-2021-30666", "RH:CVE-2021-30761", "RH:CVE-2021-30762"]}, {"type": "rocky", "idList": ["RLSA-2021:1586", "RLSA-2021:4381"]}, {"type": "securelist", "idList": ["SECURELIST:BB0230F9CE86B3F1994060AA0A809C08"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0637-1", "OPENSUSE-SU-2021:1101-1", "OPENSUSE-SU-2021:2598-1", "OPENSUSE-SU-2022:0182-1", "OPENSUSE-SU-2022:0182-2"]}, {"type": "thn", "idList": ["THN:012D6A298BED906B54D36D175756D4A7", "THN:0D13405795D42B516C33D8E56A44BA9D", "THN:30412CF0C94BB814E9BC328633580D99", "THN:3251602ACD4E04F5F4C7F140878960E0", "THN:4EFE9C3A3A0DEB0019296A14C9EAC1FA", "THN:59DC40FBDFBEBE12E11B551510E4B2E6", "THN:6D9C30F48BF06002190A9401A9E9AFC8", "THN:739D9EFE8C7F1B29E2430DAC65CDEE52", "THN:9F22FC342DFAFC55521FD4F7CEC7C9A3", "THN:BB8CDCFD08801BDD2929E342853D03E9", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:D28CBE91134FEFC2BFDB69F581D44799", "THN:DCB20559AE0C35EB864725D482E268C2", "THN:EC6D350524B71F2DAA2D6B7CADC88677", "THN:F0D5DEDB6BEE875D30F098FB7A4E55A1"]}, {"type": "threatpost", "idList": ["THREATPOST:1F4EC22B4239CE182669792125155781", "THREATPOST:233067E74345C95478CA096160DFCE43", "THREATPOST:26C336F10C4AB0FEC01844CA1040746F", "THREATPOST:2B3917ECB87C4A3C315132D8E32C1073", "THREATPOST:33E56DEB736406F9DD08C7533BF1812B", "THREATPOST:4918B2D694EFC16538A8825D39D8FBD5", "THREATPOST:760D774FCA5FD00BE1174D5CB428884D", "THREATPOST:7C630642BA0CC259B4DF61820DA05235", "THREATPOST:8372A3E62BAD4992E997A34240A7EB45", "THREATPOST:8BADC2EA82DF9B3B87A59B396C617C28", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6"]}, {"type": "ubuntu", "idList": ["USN-4894-1", "USN-4939-1", "USN-5024-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-1870", "UB:CVE-2021-1871", "UB:CVE-2021-30661", "UB:CVE-2021-30663", "UB:CVE-2021-30665", "UB:CVE-2021-30666", "UB:CVE-2021-30761", "UB:CVE-2021-30762"]}, {"type": "veracode", "idList": ["VERACODE:29857", "VERACODE:29886", "VERACODE:31408", "VERACODE:31877"]}, {"type": "zdt", "idList": ["1337DAY-ID-36216"]}]}, "score": {"value": 0.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4381"]}, {"type": "apple", "idList": ["APPLE:00E9E67FD5A811CCF44971943EC8B5C3", "APPLE:0F898F86D77B1E8D84FF7B933794464E", "APPLE:2A32C0762786DF36357D645066CDC600", "APPLE:341D114D330F307514C2721DBB8BFACA", "APPLE:48BC28AAD9E0029F9CF17E3ED0A5F181", "APPLE:4E4515CD7FD997AA98D94164483D0679", "APPLE:52D5DC71EAE54F6DF0EA591406E6C671", "APPLE:63DD59AAEDECD46C156A7668A930E353", "APPLE:6F6ABDDC9804AE7A4086CB77C2D1EF4A", "APPLE:72B0255E1DE0446B228B5371EDD14ACD", "APPLE:73550C0E0CC4D3E6D5DC38456DA89443", "APPLE:7BA0021A4788FB7533B47DE574B071E4", "APPLE:A1AFADAD90CEC763DFDCC59E95E6D673", "APPLE:A5EDA5FE2364D1FB5D577BC8C126D6E5", "APPLE:B08BBADEFC88806E12CB234F1EB6C4C6", "APPLE:B42E67860AD9D9F5B9307A29A1189DF0", "APPLE:B69E745380EF6BD25EB61E697869CC84", "APPLE:B804E3A70EFCA1DE30511F9CD20F227C", "APPLE:CA6473609072D4746735999863BFAC33", "APPLE:CABE34499864F4FA47751E5A9FCC58AC", "APPLE:D1804CFB5985973BEAA4CE367152D5F6", "APPLE:DBD69E61128BB8DB328ED63A78371D07", "APPLE:F7DADB3E958148A6B63512580383CEA2", "APPLE:F8BE10D8CFAE590690202C33D00B6E6B", "APPLE:HT212146", "APPLE:HT212147", "APPLE:HT212148", "APPLE:HT212149"]}, {"type": "archlinux", "idList": ["ASA-202103-24", "ASA-202103-25", "ASA-202107-67", "ASA-202107-68"]}, {"type": "attackerkb", "idList": ["AKB:13D7A136-347D-489A-908C-898F80E4B285", "AKB:29A92D92-7F52-42AF-809D-8666D33E0DF2", "AKB:4324FF7F-3A87-4B49-8D0A-C475F54F194F", "AKB:D8802B97-577F-4D1B-BA3C-1D6D3EBB2FF2", "AKB:FF274F38-9A0C-47ED-97B9-57C114AB1511"]}, {"type": "centos", "idList": ["CESA-2020:4035"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0374", "CPAI-2021-0481"]}, {"type": "cve", "idList": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4877-1:61845", "DEBIAN:DSA-4923-1:EA1C3", "DEBIAN:DSA-4945-1:08051"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-1870", "DEBIANCVE:CVE-2021-1871", "DEBIANCVE:CVE-2021-30661", "DEBIANCVE:CVE-2021-30663", "DEBIANCVE:CVE-2021-30665", "DEBIANCVE:CVE-2021-30666", "DEBIANCVE:CVE-2021-30761", "DEBIANCVE:CVE-2021-30762"]}, {"type": "fedora", "idList": ["FEDORA:40E0330A072B", "FEDORA:7E63530C02C9", "FEDORA:8A032304C446", "FEDORA:997C53060987"]}, {"type": "gentoo", "idList": ["GLSA-202104-03"]}, {"type": "githubexploit", "idList": ["285A3734-8E7C-544D-B792-62E544C8ECE8", "374D00E3-03E0-5580-9CDF-C7CCABB45C2F", "9FA3EE1C-FBEF-5EC4-A060-8046BC66B6B5"]}, {"type": "ibm", "idList": ["6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96"]}, {"type": "kitploit", "idList": ["KITPLOIT:8409423888936671546"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:D94336E4CB7536CC9CECC8C6FF696A77"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/APPLE-OSX-WEBKIT-CVE-2021-30663/", "MSF:ILITIES/APPLE-OSX-WEBKIT-CVE-2021-30665/"]}, {"type": "mmpc", "idList": ["MMPC:6A79615935EB4546087AB44569C7B207"]}, {"type": "mssecure", "idList": ["MSSECURE:6A79615935EB4546087AB44569C7B207"]}, {"type": "nessus", "idList": ["701344.PASL", "APPLETV_14_6.NASL", "APPLE_IOS_1252_CHECK.NBIN", "APPLE_IOS_1253_CHECK.NBIN", "APPLE_IOS_1254_CHECK.NBIN", "APPLE_IOS_1442_CHECK.NBIN", "APPLE_IOS_144_CHECK.NBIN", "APPLE_IOS_1451_CHECK.NBIN", "APPLE_IOS_145_CHECK.NBIN", "APPLE_IOS_1471_CHECK.NBIN", "CENTOS8_RHSA-2021-4381.NASL", "DEBIAN_DSA-4877.NASL", "DEBIAN_DSA-4923.NASL", "DEBIAN_DSA-4945.NASL", "FEDORA_2021-619711D709.NASL", "FEDORA_2021-864DC37032.NASL", "GENTOO_GLSA-202104-03.NASL", "MACOS_HT212147.NASL", "MACOS_HT212325.NASL", "MACOS_HT212326.NASL", "MACOS_HT212335.NASL", "MACOS_HT212529.NASL", "MACOS_HT212622.NASL", "OPENSUSE-2021-2598.NASL", "OPENSUSE-2021-637.NASL", "ORACLELINUX_ELSA-2021-4381.NASL", "REDHAT-RHSA-2021-4381.NASL", "SUSE_SU-2021-1430-1.NASL", "SUSE_SU-2021-1499-1.NASL", "SUSE_SU-2021-1990-1.NASL", "SUSE_SU-2021-2598-1.NASL", "SUSE_SU-2021-2600-1.NASL", "UBUNTU_USN-4894-1.NASL", "UBUNTU_USN-4939-1.NASL", "UBUNTU_USN-5024-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-4381"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162504"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:70AF718BCABA36D5847184CA639B55C9", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "QUALYSBLOG:F55CD820063DB6DC3B7A1C8CAE16FC6B"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:830105C5509FB1C4D38B114EDD71298E"]}, {"type": "redhat", "idList": ["RHSA-2020:4451", "RHSA-2021:4381"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-1870", "RH:CVE-2021-1871", "RH:CVE-2021-30661", "RH:CVE-2021-30663", "RH:CVE-2021-30665", "RH:CVE-2021-30666", "RH:CVE-2021-30761", "RH:CVE-2021-30762"]}, {"type": "rocky", "idList": ["RLSA-2021:1586", "RLSA-2021:4381"]}, {"type": "securelist", "idList": ["SECURELIST:BB0230F9CE86B3F1994060AA0A809C08"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0637-1", "OPENSUSE-SU-2021:2598-1"]}, {"type": "thn", "idList": ["THN:3251602ACD4E04F5F4C7F140878960E0", "THN:4EFE9C3A3A0DEB0019296A14C9EAC1FA", "THN:739D9EFE8C7F1B29E2430DAC65CDEE52", "THN:9F22FC342DFAFC55521FD4F7CEC7C9A3", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:D28CBE91134FEFC2BFDB69F581D44799", "THN:F0D5DEDB6BEE875D30F098FB7A4E55A1"]}, {"type": "threatpost", "idList": ["THREATPOST:1F4EC22B4239CE182669792125155781", "THREATPOST:233067E74345C95478CA096160DFCE43", "THREATPOST:33E56DEB736406F9DD08C7533BF1812B", "THREATPOST:7C630642BA0CC259B4DF61820DA05235", "THREATPOST:8BADC2EA82DF9B3B87A59B396C617C28", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6"]}, {"type": "ubuntu", "idList": ["USN-4894-1", "USN-4939-1", "USN-5024-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-1870", "UB:CVE-2021-1871", "UB:CVE-2021-30661", "UB:CVE-2021-30663", "UB:CVE-2021-30665", "UB:CVE-2021-30666", "UB:CVE-2021-30761", "UB:CVE-2021-30762"]}, {"type": "zdt", "idList": ["1337DAY-ID-36216"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-1782", "epss": "0.000970000", "percentile": "0.391110000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1870", "epss": "0.004190000", "percentile": "0.701430000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1871", "epss": "0.003160000", "percentile": "0.656570000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1879", "epss": "0.001740000", "percentile": "0.527760000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30657", "epss": "0.849700000", "percentile": "0.979160000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30661", "epss": "0.003250000", "percentile": "0.661610000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30663", "epss": "0.002510000", "percentile": "0.612250000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30665", "epss": "0.002330000", "percentile": "0.596700000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30666", "epss": "0.003740000", "percentile": "0.684920000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30713", "epss": "0.003880000", "percentile": "0.690540000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30761", "epss": "0.004520000", "percentile": "0.712290000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30762", "epss": "0.004520000", "percentile": "0.712290000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30807", "epss": "0.000680000", "percentile": "0.277080000", "modified": "2023-03-17"}], "vulnersScore": 0.6}, "_state": {"dependencies": 1660004461, "score": 1698842854, "epss": 1679098904}, "_internal": {"score_hash": "e8c060e5b981736755c5107756a536d9"}}

{"thn": [{"lastseen": "2022-05-09T12:37:57", "description": "[](<https://thehackernews.com/images/-EY0jLibkpcU/YMgfQajFNQI/AAAAAAAAC3I/EIU5a5Wq51o-5TvSYm6aKt_vlbbskE6UACLcBGAsYHQ/s0/apple-zero-day.png>)\n\nApple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild.\n\nThe latest update, [iOS 12.5.4](<https://support.apple.com/en-us/HT212548>), comes with fixes for three security bugs, including a memory corruption issue in [ASN.1 decoder](<https://en.wikipedia.org/wiki/ASN.1>) (CVE-2021-30737) and two flaws concerning its WebKit browser engine that could be abused to achieve remote code execution \u2014\n\n * **CVE-2021-30761** \\- A memory corruption issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was addressed with improved state management.\n * **CVE-2021-30762** \\- A use-after-free issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was resolved with improved memory management.\n\nBoth CVE-2021-30761 and CVE-2021-30762 were reported to Apple anonymously, with the Cupertino-based company stating in its advisory that it's aware of reports that the vulnerabilities \"may have been actively exploited.\" As is usually the case, Apple didn't share any specifics on the nature of the attacks, the victims that may have been targeted, or the threat actors that may be abusing them.\n\nOne thing evident, however, is that the active exploitation attempts were directed against owners of older devices such as iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). The move mirrors a similar fix that Apple rolled out on May 3 to remediate a buffer overflow vulnerability (CVE-2021-30666) in WebKit targeting the same set of devices.\n\nAlong with the two aforementioned flaws, Apple has patched a total of 12 zero-days affecting iOS, iPadOS, macOS, tvOS, and watchOS since the start of the year \u2014\n\n * [**CVE-2021-1782**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (Kernel) - A malicious application may be able to elevate privileges\n * [**CVE-2021-1870**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [**CVE-2021-1871**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [**CVE-2021-1879**](<https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html>) (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting\n * [**CVE-2021-30657**](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (System Preferences) - A malicious application may bypass Gatekeeper checks\n * [**CVE-2021-30661**](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30663**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30665**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30666**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30713**](<https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html>) (TCC framework) - A malicious application may be able to bypass Privacy preferences\n\nUsers of Apple devices are recommended to update to the latest versions to mitigate the risk associated with the vulnerabilities.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-15T03:32:00", "type": "thn", "title": "Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30737", "CVE-2021-30761", "CVE-2021-30762"], "modified": "2021-06-15T10:08:36", "id": "THN:0D13405795D42B516C33D8E56A44BA9D", "href": "https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:38:14", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEj9Bd2VdAXWvbASf8YmWxr5iArtahL17_NleXHz62PXrscVcuyhLoDB7s3THH7T3H2cNZseMCfhLHRI9u5ESRDFZknnkYq6qqLc5c9bPFMM7KFlt0MGfj_ufHze0jtqtN8jGQiQUtNiSL3Kgq8Vsdc1lkrooiJsHq3ucrJQr03nO_OVN3I2C0POzJAs>)\n\nApple on Monday released a security update for iOS and iPad to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year.\n\nThe weakness, assigned the identifier [CVE-2021-30883](<https://support.apple.com/en-us/HT212846>), concerns a memory corruption issue in the \"IOMobileFrameBuffer\" component that could allow an application to execute arbitrary code with kernel privileges. Crediting an anonymous researcher for reporting the vulnerability, Apple said it's \"aware of a report that this issue may have been actively exploited.\"\n\nTechnical specifics about the flaw and the nature of the attacks remain unavailable as yet, as is the identity of the threat actor, so as to allow a majority of the users to apply the patch and prevent other adversaries from weaponizing the vulnerability. The iPhone maker said it addressed the issue with improved memory handling.\n\nBut soon after the advisory was released, security researcher Saar Amar [shared](<https://saaramar.github.io/IOMFB_integer_overflow_poc/>) additional details, and a proof-of-concept (PoC) exploit, noting that \"this attack surface is highly interesting because it's accessible from the app sandbox (so it's great for jailbreaks) and many other processes, making it a good candidate for LPEs exploits in chains.\"\n\nCVE-2021-30883 is also the second zero-day impacting IOMobileFrameBuffer after Apple addressed a similar, anonymously reported memory corruption issue (CVE-2021-30807) in July 2021, raising the possibility that the two flaws could be related. With the latest fix, the company has resolved a record 17 zero-days to date in 2021 alone \u2014\n\n * [**CVE-2021-1782**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (Kernel) - A malicious application may be able to elevate privileges\n * [**CVE-2021-1870**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [**CVE-2021-1871**](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (WebKit) - A remote attacker may be able to cause arbitrary code execution\n * [**CVE-2021-1879**](<https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html>) (WebKit) - Processing maliciously crafted web content may lead to universal cross-site scripting\n * [**CVE-2021-30657**](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (System Preferences) - A malicious application may bypass Gatekeeper checks\n * [**CVE-2021-30661**](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>) (WebKit Storage) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30663**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30665**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30666**](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30713**](<https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html>) (TCC framework) - A malicious application may be able to bypass Privacy preferences\n * [**CVE-2021-30761**](<https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30762**](<https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30807**](<https://thehackernews.com/2021/07/apple-releases-urgent-0-day-bug-patch.html>) (IOMobileFrameBuffer) - An application may be able to execute arbitrary code with kernel privileges\n * [**CVE-2021-30858**](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution\n * [**CVE-2021-30860**](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) (CoreGraphics) - Processing a maliciously crafted PDF may lead to arbitrary code execution\n * [**CVE-2021-30869**](<https://thehackernews.com/2021/09/urgent-apple-ios-and-macos-updates.html>) (XNU) - A malicious application may be able to execute arbitrary code with kernel privileges\n\nApple iPhone and iPad users are highly recommended to update to the latest version (iOS 15.0.2 and iPad 15.0.2) to mitigate the security vulnerability.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-12T02:41:00", "type": "thn", "title": "Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-30869", "CVE-2021-30883"], "modified": "2021-10-20T05:21:18", "id": "THN:BB8CDCFD08801BDD2929E342853D03E9", "href": "https://thehackernews.com/2021/10/apple-releases-urgent-iphone-and-ipad.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:38:16", "description": "[](<https://thehackernews.com/images/-pYRFN6NLe6E/YJDef-c1NrI/AAAAAAAACcc/4bGiU-I6wLM0L_4q6OkSYydQnsvyfnlEwCLcBGAsYHQ/s0/apple-update.jpg>)\n\nApple on Monday released security updates for [iOS](<https://support.apple.com/en-us/HT212336>), [macOS](<https://support.apple.com/en-us/HT212335>), and [watchOS](<https://support.apple.com/en-us/HT212339>) to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild.\n\nThe weaknesses all concern WebKit, the browser engine which powers Safari and other third-party web browsers in iOS, allowing an adversary to execute arbitrary code on target devices. A summary of the three security bugs are as follows -\n\n * **CVE-2021-30663:** An integer overflow vulnerability that could be exploited to craft malicious web content, which may lead to code execution. The flaw was addressed with improved input validation.\n * **CVE-2021-30665:** A memory corruption issue that could be exploited to craft malicious web content, which may lead to code execution. The flaw was addressed with improved state management.\n * **CVE-2021-30666:** A buffer overflow vulnerability that could be exploited to craft malicious web content, which may lead to code execution. The flaw was addressed with improved memory handling.\n\nThe development comes a week after Apple rolled out iOS 14.5 and macOS Big Sur 11.3 with a fix for a potentially exploited WebKit Storage vulnerability. Tracked as [CVE-2021-30661](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>), the use-after-free issue was discovered and reported to the iPhone maker by a security researcher named yangkang ([@dnpushme](<https://twitter.com/dnpushme>)) of Qihoo 360 ATA.\n\nyangkang, along with zerokeeper and bianliang, have been credited with reporting the three new flaws.\n\nIt's worth noting that CVE-2021-30666 only affects older Apple devices such as iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). The [iOS 12.5.3](<https://support.apple.com/en-us/HT212341>) update, which remediates this flaw, also includes a fix for CVE-2021-30661.\n\nThe company said it's aware of reports that the issues \"may have been actively exploited\" but, as is typically the case, failed to elaborate about the nature of attacks, the victims that may have been targeted, or the threat actors that may be abusing them.\n\nUsers of Apple devices are recommended to update to the latest versions to mitigate the risk associated with the flaws.\n\n**Update: **Apple has also [released](<https://support.apple.com/en-us/HT212340>) a new version of Safari 14.1 for macOS Catalina and macOS Mojave, with the update introducing fixes for the two WebKit flaws CVE-2021-30663 and CVE-2021-30665. The update comes a day after patches were shipped for iOS, macOS, and watchOS.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-04T05:42:00", "type": "thn", "title": "Apple Releases Urgent Security Patches For Zero\u2011Day Bugs Under Active Attacks", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666"], "modified": "2021-05-05T03:21:40", "id": "THN:F0D5DEDB6BEE875D30F098FB7A4E55A1", "href": "https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:38:01", "description": "[](<https://thehackernews.com/images/-nG0kgJIWUe4/YKyCba_26VI/AAAAAAAACnk/LKb9R527jacuLLW42sp_Pra0dvHvKtFKgCLcBGAsYHQ/s0/apple.jpg>)\n\nApple on Monday rolled out security updates for [iOS](<https://support.apple.com/en-us/HT212528>), [macOS](<https://support.apple.com/en-us/HT212529>), [tvOS](<https://support.apple.com/en-us/HT212532>), [watchOS](<https://support.apple.com/en-us/HT212533>), and [Safari](<https://support.apple.com/en-us/HT212534>) web browser to fix multiple vulnerabilities, including an actively exploited zero-day flaw in macOS Big Sur and expand patches for two previously disclosed zero-day flaws. \n\nTracked as CVE-2021-30713, the zero-day concerns a permissions issue in Apple's Transparency, Consent, and Control ([TCC](<https://support.apple.com/en-in/guide/security/secddd1d86a6/web>)) framework in macOS that maintains a database of each user's consents. The iPhone maker acknowledged that the issue may have been exploited in the wild but stopped short of sharing specifics.\n\nThe company noted that it rectified the problem with improved validation.\n\nHowever, in a separate report, mobile device management company Jamf said the bypass flaw was being actively exploited by XCSSET, a malware that's been out in the wild since August 2020 and known to propagate via modified [Xcode IDE projects](<https://developer.apple.com/library/archive/featuredarticles/XcodeConcepts/Concept-Projects.html>) hosted on GitHub repositories and plant malicious packages into legitimate apps installed on the target system.\n\n\"The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user's explicit consent \u2014 which is the default behavior,\" Jamf researchers Stuart Ashenbrenner, Jaron Bradley, and Ferdous Saljooki [said](<https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/>) in a write-up.\n\n[](<https://thehackernews.com/images/-D65Oi6v5MWk/YKx_ahsaI8I/AAAAAAAACnc/7lPcPh2B5Rg04i8Tu6E0cBxGgMMDvthlgCLcBGAsYHQ/s0/iOS-malware.jpg>)\n\nTaking the form of a AppleScript module, the zero-day flaw allowed the hackers to exploit the devices XCSSET was installed to leverage the permissions that have already been provided to the trojanized application to amass and exfiltrate sensitive information.\n\nSpecifically, the malware checked for screen capture permissions from a list of installed applications, such as Zoom, Discord, WhatsApp, Slack, TeamViewer, Upwork, Skype, and Parallels Desktop, to inject the malware (\"avatarde.app\") into the app's folder, thereby inheriting the necessary permissions required to carry out its nefarious tasks.\n\n\"By leveraging an installed application with the proper permissions set, the attacker can piggyback off that donor app when creating a malicious app to execute on victim devices, without prompting for user approval,\" the researchers noted.\n\nXCSSET was also the subject of closer scrutiny [last month](<https://thehackernews.com/2021/04/malware-spreads-via-xcode-projects-now.html>) after a new variant of the malware was detected targeting Macs running on Apple's new M1 chips to steal wallet information from cryptocurrency apps. One of its primary functions is to siphon Safari browser cookies as well as install a developer version of the Safari application to load JavaScript backdoors from its command-and-control server.\n\nAlso fixed as part of Monday's updates are two other actively exploited flaws in its WebKit browser engine affecting Safari, Apple TV 4K, and Apple TV HD devices, almost three weeks after Apple addressed the same issues in [iOS, macOS, and watchOS](<https://thehackernews.com/2021/05/apple-releases-urgent-security-patches.html>) earlier this month.\n\n * **CVE-2021-30663** \\- An integer overflow issue in WebKit, which could be exploited to achieve arbitrary code execution when processing maliciously crafted web content.\n * **CVE-2021-30665** \\- A memory corruption issue in WebKit that could lead to arbitrary code execution when processing maliciously crafted web content.\n\nUsers of Apple devices are recommended to update to the latest versions to mitigate the risk associated with the flaws.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-25T04:52:00", "type": "thn", "title": "Apple\u200c Issues Patches to Combat Ongoing 0-Day Attacks on macOS, tvOS", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30713"], "modified": "2021-05-25T04:52:15", "id": "THN:3251602ACD4E04F5F4C7F140878960E0", "href": "https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:38:24", "description": "[](<https://thehackernews.com/images/-5Zi_45-pXus/YF7LgsUU1pI/AAAAAAAACHQ/ltYZDuSTuqwbzRstY55f-hwWOXjS_zI2gCLcBGAsYHQ/s0/mac-malware-proxy-setting.png>)\n\nMerely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild.\n\nTracked as **CVE-2021-1879**, the vulnerability relates to a WebKit flaw that could enable adversaries to process maliciously crafted web content that may result in universal cross-site scripting attacks.\n\n\"This issue was addressed by improved management of object lifetimes,\" the iPhone maker noted.\n\nApple has credited Clement Lecigne and Billy Leonard of Google's Threat Analysis Group for discovering and reporting the issue. While details of the flaw have not been disclosed, the company said it's aware of reports that CVE-2021-1879 may have been actively exploited.\n\nUpdates are available for the following devices:\n\n * [iOS 12.5.2](<https://support.apple.com/en-us/HT212257>) \\- Phone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n * [iOS 14.4.2](<https://support.apple.com/en-us/HT212256>) \\- iPhone 6s and later, and iPod touch (7th generation)\n * [iPadOS 14.4.2](<https://support.apple.com/en-us/HT212256>) \\- iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later\n * [watchOS 7.3.3](<https://support.apple.com/en-us/HT212258>) \\- Apple Watch Series 3 and later\n\nThe latest release arrives close on the heels of a patch for a separate WebKit flaw ([CVE-2021-1844](<https://thehackernews.com/2021/03/apple-issues-patch-for-remote-hacking.html>)) that Apple shipped earlier this month. In January 2021, the company resolved [three zero-day vulnerabilities](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871) that allowed an attacker to elevate privileges and achieve remote code execution.\n\nInterestingly, Apple also appears to be [experimenting](<https://thehackernews.com/2021/03/apple-may-start-delivering-security.html>) with ways to deliver security updates on iOS in a manner that's independent of other OS updates. iOS 14.4.2 certainly sounds like the kind of update that could benefit from this feature.\n\nIn the meanwhile, users of Apple devices are advised to install the updates as soon as possible to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-27T06:07:00", "type": "thn", "title": "Apple Issues Urgent Patch Update for Another Zero\u2011Day Under Attack", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879"], "modified": "2021-03-27T08:51:29", "id": "THN:4EFE9C3A3A0DEB0019296A14C9EAC1FA", "href": "https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:11", "description": "[](<https://thehackernews.com/images/-jMlIotpt0jU/YBD-s7n5YQI/AAAAAAAABmI/X0k_6KZYvcAOxTj1nJiddOWRAnW-eYg9ACLcBGAsYHQ/s0/apple-iphone-hacking.jpg>)\n\nApple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild.\n\nReported by an anonymous researcher, the three [zero-day](<https://support.apple.com/en-us/HT212146>) [flaws](<https://support.apple.com/en-us/HT212149>) \u2014 CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 \u2014 could have allowed an attacker to elevate privileges and achieve remote code execution.\n\nThe iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.\n\nWhile the privilege escalation bug in the kernel (CVE-2021-1782) was noted as a race condition that could cause a malicious application to elevate its privileges, the other two shortcomings \u2014 dubbed a \"logic issue\" \u2014 were discovered in the WebKit browser engine (CVE-2021-1870 and CVE-2021-1871), permitting an attacker to achieve arbitrary code execution inside Safari.\n\nApple said the race condition and the WebKit flaws were addressed with improved locking and restrictions, respectively.\n\n[](<https://thehackernews.com/images/-fdpXkbfWGTA/YBD_Bui-nuI/AAAAAAAABmQ/MgynC4sTjqETJbW_z8c8Hc-4lAuJHG5rgCLcBGAsYHQ/s0/hacking.jpg>)\n\nWhile exact details of the exploit leveraging the flaws are unlikely to be made public until the patches have been widely applied, it wouldn't be a surprise if they were chained together to carry out watering hole attacks against potential targets.\n\nSuch an attack would involve delivering the malicious code simply by visiting a compromised website that then takes advantage of the aforementioned vulnerabilities to escalate its privileges and run arbitrary commands to take control of the device.\n\nThe updates are now available for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation), as well as Apple TV 4K and Apple TV HD.\n\nNews of the latest zero-days comes after the company resolved three actively exploited vulnerabilities in [November 2020](<https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html>) and a separate zero-day bug in iOS 13.5.1 that was disclosed as used in a [cyberespionage campaign](<https://thehackernews.com/2020/12/iphones-of-36-journalists-hacked-using.html>) targeting Al Jazeera journalists last year.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-27T05:50:00", "type": "thn", "title": "Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871"], "modified": "2021-01-27T05:50:09", "id": "THN:739D9EFE8C7F1B29E2430DAC65CDEE52", "href": "https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:03", "description": "[](<https://thehackernews.com/images/-Aros4Hd7Hj8/YEcYaYPj-TI/AAAAAAAAB-g/2ZSR204Gt-cvho0M5p936SrWsC_s00ulwCLcBGAsYHQ/s0/apple.jpg>)\n\nApple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content.\n\nTracked as **CVE-2021-1844**, the vulnerability was discovered and reported to the company by Cl\u00e9ment Lecigne of Google's Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research.\n\nAccording to the update notes posted by Apple, the flaw stems from a memory corruption issue that could lead to arbitrary code execution when processing specially crafted web content. The company said the problem was addressed with \"improved validation.\"\n\nThe update is available for devices running [iOS 14.4, iPadOS 14.4](<https://support.apple.com/en-us/HT212221>), [macOS Big Sur](<https://support.apple.com/en-us/HT212220>), and [watchOS 7.3.1](<https://support.apple.com/en-us/HT212222>) (Apple Watch Series 3 and later), and as an [update to Safari](<https://support.apple.com/en-us/HT212223>) for MacBooks running macOS Catalina and macOS Mojave.\n\n[](<https://thehackernews.com/images/-x-pwD8r0Hz0/YEcYq2S27qI/AAAAAAAAB-o/e7pap0QYYvU1uk765ZMqSeKYUofKWRYegCLcBGAsYHQ/s0/apple.jpg>)\n\nThe latest development comes on the heels of a patch for [three zero-day vulnerabilities](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>) (CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871) that was released in January. The weaknesses, which allow an attacker to elevate privileges and achieve remote code execution, were later exploited by the team behind the \"[unc0ver](<https://thehackernews.com/2021/03/new-unc0ver-tool-can-jailbreak-all.html>)\" jailbreak tool to unlock almost every single iPhone model running 14.3.\n\nIt's worth noting that Huffman was also behind the discovery of an [actively exploited zero-day bug](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>) in the Chrome browser that was addressed by Google last week. But unlike the Chrome security flaw, there is no evidence that CVE-2021-1844 is being exploited by malicious hackers.\n\nUsers of Apple devices or those running a vulnerable version of Chrome are advised to install the updates as soon as possible to mitigate the risk associated with the flaws.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-09T06:51:00", "type": "thn", "title": "Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871"], "modified": "2021-03-09T08:58:35", "id": "THN:59DC40FBDFBEBE12E11B551510E4B2E6", "href": "https://thehackernews.com/2021/03/apple-issues-patch-for-remote-hacking.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:38:18", "description": "[](<https://thehackernews.com/images/-biV-82_eo5Q/YIflVSaffHI/AAAAAAAACYE/UQ2O048-aiIWv19Eso20FMpiiNSWFFicwCLcBGAsYHQ/s0/apple-malware.jpg>)\n\nSecurity is only as strong as the weakest link. As further proof of this, Apple released an update to macOS operating systems to address an actively exploited zero-day vulnerability that could circumvent all security protections, thus permitting unapproved software to run on Macs.\n\nThe macOS flaw, identified as [CVE-2021-30657](<https://support.apple.com/en-us/HT212325>), was discovered and reported to Apple by security engineer Cedric Owens on March 25, 2021.\n\n\"An unsigned, unnotarized, script-based proof of concept application [...] could trivially and reliably sidestep all of macOS's relevant security mechanisms (File Quarantine, Gatekeeper, and Notarization Requirements), even on a fully patched M1 macOS system,\" security researcher Patrick Wardle [explained](<https://objective-see.com/blog/blog_0x64.html>) in a write-up. \"Armed with such a capability macOS malware authors could (and are) returning to their proven methods of targeting and infecting macOS users.\"\n\nApple's macOS comes with a feature called [Gatekeeper](<https://support.apple.com/guide/deployment-reference-macos/using-gatekeeper-apd02b925e38/web>), which allows only [trusted apps](<https://support.apple.com/en-us/HT202491>) to be run by ensuring that the software has been signed by the App Store or by a registered developer and has cleared an automated process called \"[app notarization](<https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution>)\" that scans the software for malicious content.\n\nBut the new flaw uncovered by Owens could enable an adversary to craft a rogue application in a manner that would deceive the Gatekeeper service and get executed without triggering any security warning. The trickery involves packaging a malicious shell script as a \"double-clickable app\" so that the malware could be double-clicked and run like an app.\n\n\"It's an app in the sense that you can double click it and macOS views it as an app when you right click -&gt; Get Info on the payload,\" Owens [said](<https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508>). \"Yet it's also shell script in that shell scripts are not checked by Gatekeeper even if the [quarantine](<https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html>) attribute is present.\"\n\n[](<https://thehackernews.com/images/-VJcAfeigXAU/YIflxqbcR8I/AAAAAAAACYQ/2BXHadqOI30gqgbTdpezN6aBLvMI51aJgCLcBGAsYHQ/s0/malware.jpg>)\n\n[](<https://thehackernews.com/images/-5-2DSx3g1lM/YIflwyqs9yI/AAAAAAAACYM/2zPv2m4h6H0XzaEyV_bxo63N0O1goK4BACLcBGAsYHQ/s0/macos-malware.jpg>)\n\nAccording to macOS security firm [Jamf](<https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/>), the threat actor behind [Shlayer](<https://www.intego.com/mac-security-blog/osxshlayer-new-mac-malware-comes-out-of-its-shell/>) malware has been abusing this Gatekeeper bypass vulnerability as early as January 9, 2021. Distributed via a technique called search engine poisoning or spamdexing, Shlayer accounts for almost 30% of all detections on the macOS platform, with one in ten systems encountering the adware at least once, according to [Kaspersky](<https://securelist.com/shlayer-for-macos/95724/>) statistics for 2019.\n\nThe attack works by manipulating search engine results to surface malicious links that, when clicked, redirects users to a web page that prompts users to download a seemingly benign app update for out-of-date software, which in this campaign, is a bash script designed to retrieve next-stage payloads, including Bundlore adware stealthily. Troublingly, this infection scheme could be leveraged to deliver more advanced threats such as surveillanceware and ransomware.\n\nIn addition to the aforementioned vulnerability, Monday's updates also address a critical flaw in WebKit Storage (tracked as CVE-2021-30661) that concerns an arbitrary code execution flaw in [iOS](<https://support.apple.com/en-us/HT212317>), [macOS](<https://support.apple.com/en-us/HT212325>), [tvOS](<https://support.apple.com/en-us/HT212323>), and [watchOS](<https://support.apple.com/en-us/HT212324>) when processing maliciously crafted web content.\n\n\"Apple is aware of a report that this issue may have been actively exploited,\" the company said in a security document, adding it addressed the use-after-free weakness with improved memory management.\n\nAside from these updates, Apple has also released [iCloud for Windows 12.3](<https://support.apple.com/en-us/HT212321>) with patches for four security issues in WebKit and WebRTC, among others, that could allow an attacker to cross-site scripting (XSS) attacks (CVE-2021-1825) and corrupt kernel memory (CVE-2020-7463).\n\nUsers of Apple devices are recommended to update to the latest versions to mitigate the risk associated with the flaws.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-27T10:29:00", "type": "thn", "title": "Hackers Exploit 0-Day Gatekeeper Flaw to Attack macOS Computers", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-7463", "CVE-2021-1825", "CVE-2021-30657", "CVE-2021-30661"], "modified": "2021-04-28T06:42:59", "id": "THN:9F22FC342DFAFC55521FD4F7CEC7C9A3", "href": "https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:14", "description": "[](<https://thehackernews.com/images/-DCb4GmwQ6mc/YRoTENWqoEI/AAAAAAAADik/5VlIDxThXOISHwtZvPu89-ta0KRbs41KwCLcBGAsYHQ/s0/code.png>)\n\nA new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and even signed by its own notarization service, highlighting the malicious software ongoing attempts to adapt and evade detection.\n\n\"AdLoad,\" as the malware is known, is one of several widespread adware and bundleware loaders targeting macOS since at least 2017. It's capable of backdooring an affected system to download and install adware or potentially unwanted programs (PUPs), as well as amass and transmit information about victim machines.\n\nThe new iteration \"continues to impact Mac users who rely solely on Apple's built-in security control XProtect for malware detection,\" SentinelOne threat researcher Phil Stokes [said](<https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/>) in an analysis published last week. \"As of today, however, XProtect arguably has around 11 different signatures for AdLoad [but] the variant used in this new campaign is undetected by any of those rules.\"\n\nThe 2021 version of AdLoad latches on to persistence and executable names that use a different file extension pattern (.system or .service), enabling the malware to get around additional security protections incorporated by Apple, ultimately resulting in the installation of a persistence agent, which, in turn, triggers an attack chain to deploy malicious droppers that masquerade as a fake Player.app to install malware.\n\n[](<https://thehackernews.com/images/-rexIao2_jak/YRoRcn2_sKI/AAAAAAAADiY/5c5C4HMLALUECAP4SMJZSck0XGc3fb15ACLcBGAsYHQ/s0/macos-malware.jpg>)\n\nWhat's more, the droppers are [signed](<https://blog.confiant.com/osx-hydromac-a-new-macos-malware-leaked-from-a-flashcards-app-2af28f1caa9e>) with a valid signature using developer certificates, prompting Apple to revoke the certificates \"within a matter of days (sometimes hours) of samples being observed on VirusTotal, offering some belated and temporary protection against further infections by those particular signed samples by means of Gatekeeper and OCSP signature checks,\" Stokes noted.\n\nSentinelOne said it detected new samples signed with fresh certificates in a couple of hours and days, calling it a \"game of whack-a-mole.\" First samples of AdLoad are said to have appeared as early as November 2020, with regular further occurrences across the first half of 2021, followed by a sharp uptick throughout July and, in particular, the early weeks of August 2021.\n\nAdLoad is among the malware families, alongside Shlayer, that's been known to bypass XProtect and infect Macs with other malicious payloads. In April 2021, Apple addressed an actively exploited zero-day flaw in its Gatekeeper service ([CVE-2021-30657](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>)) that was abused by the Shlayer operators to deploy unapproved software on the compromised systems.\n\n\"Malware on macOS is a problem that the device manufacturer is struggling to cope with,\" Stokes said. \"The fact that hundreds of unique samples of a well-known adware variant have been circulating for at least 10 months and yet still remain undetected by Apple's built-in malware scanner demonstrates the necessity of adding further endpoint security controls to Mac devices.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-08-16T07:29:00", "type": "thn", "title": "New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30657"], "modified": "2021-08-16T11:40:43", "id": "THN:EC6D350524B71F2DAA2D6B7CADC88677", "href": "https://thehackernews.com/2021/08/new-adload-variant-bypasses-apples.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-09T12:38:01", "description": "[](<https://thehackernews.com/images/-fNVyfZ9xLu4/YLDS4IiFgCI/AAAAAAAACq0/ysLAa9WYkXYAknx7W8VKLTshqroWpDJFgCLcBGAsYHQ/s0/russian-hackers.jpg>)\n\nMicrosoft on Thursday disclosed that the threat actor behind the [SolarWinds supply chain hack](<https://thehackernews.com/2021/03/researchers-find-3-new-malware-strains.html>) returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S.\n\nSome of the entities that were singled out include the U.S. Atlantic Council, the Organization for Security and Co-operation in Europe (OSCE), the Ukrainian Anti-Corruption Action Center (ANTAC), the EU DisinfoLab, and the Government of Ireland's Department of Foreign Affairs.\n\n\"This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,\" Tom Burt, Microsoft's Corporate Vice President for Customer Security and Trust, [said](<https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/>). \"At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work.\"\n\nMicrosoft attributed the ongoing intrusions to the Russian threat actor it tracks as Nobelium, and by the wider cybersecurity community under the monikers APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).\n\nThe latest [wave](<https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/>) in a series of intrusions is said to have begun on Jan. 28, 2021, before reaching a new level of escalation on May 25. The attacks leveraged a legitimate mass-mailing service called Constant Contact to conceal its malicious activity and masquerade as USAID, a U.S.-based development organization, for a wide-scale phishing campaign that distributed phishing emails to a variety of organizations and industry verticals.\n\n\"Nobelium launched this week's attacks by gaining access to the Constant Contact account of USAID,\" Burt said.\n\nThese seemingly authentic emails included a link that, when clicked, delivered a malicious optical disc image file (\"ICA-declass.iso\") to inject a custom Cobalt Strike Beacon implant dubbed NativeZone (\"Documents.dll\"). The backdoor, similar to previous custom malware like [Raindrop](<https://thehackernews.com/2021/01/researchers-discover-raindrop-4th.html>) and [Teardrop](<https://thehackernews.com/2020/12/a-second-hacker-group-may-have-also.html>), comes equipped with capabilities to maintain persistent access, conduct lateral movement, exfiltrate data, and install additional malware.\n\n[](<https://thehackernews.com/images/-Kqca89OnZHA/YLDPv9iZshI/AAAAAAAACqk/k4ouHzcz69c07swH-6a9KPn5MiMEqeytgCLcBGAsYHQ/s0/hackers.jpg>)\n\nIn another variation of the targeted attacks detected before April, Nobelium experimented with profiling the target machine after the email recipient clicked the link. In the event the underlying operating system turned out to be iOS, the victim was redirected to a second remote server to dispatch an exploit for the then zero-day [CVE-2021-1879](<https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html>). Apple addressed the flaw on March 26, acknowledging that \"this issue may have been actively exploited.\"\n\n[](<https://thehackernews.com/images/-VCSkL1uJd1E/YLDQPDIOPaI/AAAAAAAACqs/_v2-iFt6JOc5GNscw2QmgJTekQnK5Kr-gCLcBGAsYHQ/s0/ms-windows.jpg>)\n\nCybersecurity firms [Secureworks](<https://www.secureworks.com/blog/usaid-themed-phishing-campaign-leverages-us-elections-lure>) and [Volexity](<https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/>), which corroborated the findings, said the campaign singled out non-governmental organizations, research institutions, government entities, and international agencies situated in the U.S., Ukraine, and the European Union.\n\n\"The very narrow and specific set of email identifiers and organizations observed by CTU researchers strongly indicate that the campaign is focused on U.S. and European diplomatic and policy missions that would be of interest to foreign intelligence services,\" researchers from Secureworks Counter Threat Unit noted.\n\nThe latest attacks add to evidence of the threat actor's recurring pattern of using [unique infrastructure](<https://thehackernews.com/2021/04/researchers-find-additional.html>) and tooling for each target, thereby giving the attackers a high level of stealth and enabling them to remain undetected for extended periods of time.\n\nThe ever-evolving nature of Nobelium's tradecraft is also likely to be a direct response to the highly publicized SolarWinds incident, suggesting the attackers could further continue to experiment with their methods to meet their objectives.\n\n\"When coupled with the attack on SolarWinds, it's clear that part of Nobelium's playbook is to gain access to trusted technology providers and infect their customers,\" Burt said. \"By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-05-28T11:24:00", "type": "thn", "title": "SolarWinds Hackers Target Think Tanks With New 'NativeZone' Backdoor", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-06-02T04:59:08", "id": "THN:D28CBE91134FEFC2BFDB69F581D44799", "href": "https://thehackernews.com/2021/05/solarwinds-hackers-target-think-tanks.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-09T12:37:46", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEj7hYJhrnn0mNN9DuCLUgEl6UwN03ALFOQxI2l87MfoAAkUG-o8fN1GEe9JmSvCgY37S_8Zxrhd3hf4PXlc3y8Sm4IWqACj4_zXuicR30fOVjnpXkZJCW5LUA7EsB-C8kfn7Caq6m2iA6mEOelc1sLvfOvpUh6b-ghilTR8Ew9dFEZ8QTWS80dfATQe>)\n\nApple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to \"trivially and reliably\" bypass a \"myriad of foundational macOS security mechanisms\" and run arbitrary code.\n\nSecurity researcher Patrick Wardle [detailed](<https://twitter.com/objective_see/status/1473741597368098819>) the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), the issue relates to a scenario where a rogue macOS app may circumvent [Gatekeeper](<https://support.apple.com/guide/deployment-reference-macos/using-gatekeeper-apd02b925e38/web>) checks, which ensure that only trusted apps can be run and that they have passed an automated process called \"[app notarization](<https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution>).\"\n\nThe iPhone maker, crediting Gordon Long of Box with reporting the flaw, said it [addressed the weakness](<https://support.apple.com/en-us/HT212804>) with improved checks as part of macOS 11.6 updates officially released on September 20, 2021.\n\n\"Such bugs are often particularly impactful to everyday macOS users as they provide a means for adware and malware authors to sidestep macOS security mechanisms, \u2026mechanisms that otherwise would thwart infection attempts,\" Wardle [said](<https://objective-see.com/blog/blog_0x6A.html>) in a technical write-up of the flaw.\n\nSpecifically, the bug not only gets around Gatekeeper, but also [File Quarantine](<https://objective-see.com/blog/blog_0x64.html>) and macOS's notarization requirements, effectively allowing a seemingly innocuous PDF file to compromise the entire system simply by opening it. According to Wardle, the issue is rooted in the fact that an unsigned, non-notarized script-based application can _not_ explicitly specify an [interpreter](<https://en.wikipedia.org/wiki/Interpreter_\\(computing\\)>), resulting in a complete bypass.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEhaS7jTP3LdoYlOs3uvjlTWwVIyRTBuBZvrgH5h0BvDwkDordpF-jyEtBSuXIfZS1CLx3eNhW8bojx3D3cTVgeSQpeH4ud7VeFYHauWeKNZOCoFJu2t8lEL9z8-Q1HgxlAIMqdqqQLPuNDD_tHhwBrH19TZoN-uGIrYL81citlvxdHm_rA4EpIzUhLg>)\n\nIt's worth noting that a [shebang](<https://en.wikipedia.org/wiki/Shebang_\\(Unix\\)>) interpreter directive \u2014 e.g. #!/bin/sh or #!/bin/bash \u2014 is typically used to parse and interpret a shell program. But in this edge-case attack, an adversary can craft an application such that the shebang line is incorporated without providing an interpreter (i.e., #!) and still get the underlying operating system to launch the script without raising any alert.\n\nThis is so because \"macOS will (re)attempt to execute the failed ['interpreter-less' script-based app] via the shell ('/bin/sh')\" after the initial lack of success, Wardle explained.\n\nIn other words, threat actors can exploit this flaw by tricking their targets into opening a rogue app that can be camouflaged as Adobe Flash Player updates or trojanized versions of legitimate apps like Microsoft Office, which, in turn, can be delivered through a method called search poisoning where attackers artificially increase the search engine ranking of websites hosting their malware to lure potential victims.\n\nThis is not the first time flaws have been discovered in the Gatekeeper process. Earlier this April, Apple moved to quickly patch a then actively exploited zero-day flaw ([CVE-2021-30657](<https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html>)) that could circumvent all security protections, thus permitting unapproved software to be run on Macs.\n\nThen in October, Microsoft disclosed a vulnerability dubbed \"Shrootless\" ([CVE-2021-30892](<https://thehackernews.com/2021/10/new-shrootless-bug-could-let-attackers.html>)), which could be leveraged to perform arbitrary operations, elevate privileges to root, and install rootkits on compromised devices. Apple [said](<https://support.apple.com/en-us/HT212872>) it remediated the problem with additional restrictions as part of security updates pushed on October 26, 2021.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-12-24T13:07:00", "type": "thn", "title": "Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30657", "CVE-2021-30853", "CVE-2021-30892"], "modified": "2021-12-24T13:07:16", "id": "THN:30412CF0C94BB814E9BC328633580D99", "href": "https://thehackernews.com/2021/12/expert-details-macos-bug-that-could-let.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-09T12:39:04", "description": "[](<https://thehackernews.com/images/-JkdnPjEoviI/YD4G2g-EQ-I/AAAAAAAAB6g/I6C5TlNMQxAIwwzQS6Wp-RZQ_w3UKsTqgCLcBGAsYHQ/s0/iphone-jailbreak.jpg>)\n\nA popular jailbreaking tool called \"unc0ver\" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild.\n\nThe latest release, dubbed unc0ver v6.0.0, was [released](<https://unc0ver.dev>) on Sunday, according to its lead developer Pwn20wnd, expanding its compatibility to jailbreak any device running iOS 11.0 through iOS 14.3 using a kernel vulnerability, including iOS 12.4.9-12.5.1, 13.5.1-13.7, and 14.0-14.3.\n\nTracked as [CVE-2021-1782](<https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html>), the flaw is a privilege escalation vulnerability in the kernel stemming from a race condition that could cause a malicious application to elevate its privileges.\n\n\"We wrote our own exploit based on CVE-2021-1782 for #unc0ver to achieve optimal exploit speed and stability,\" Pwn20wnd [said](<https://twitter.com/Pwn20wnd/status/1364878565523787777>) in a separate tweet.\n\nThe vulnerability has since been addressed by Apple as part of its iOS and iPadOS 14.4 updates released on January 26, 2021, but not before admitting that the issue may have been under active attack by bad actors.\n\nThe iPhone maker, however, did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.\n\nJailbreaking, similar to rooting on Google's Android, involves a privilege escalation that works by exploiting flaws in iOS to grant users root access and full control over their devices. In doing so, it allows iOS users to remove software restrictions imposed by Apple, thereby allowing access to additional customization and otherwise prohibited apps.\n\nFor its part, Apple has steadily made it difficult to jailbreak devices by locking down its hardware and software for security reasons, which it says helps counter malware attacks.\n\nZecOps CEO Zuk Avraham [said](<https://twitter.com/ihackbanme/status/1365862089567346689>) the jailbreak is \"yet another example that attackers have an edge on iOS vs. defenders,\" adding \"[Apple] needs to stop the need to jailbreak the device in the first place and should just enable users to have full access without a need to run an exploit.\"\n\nLast May, the unc0ver team released a [similar jailbreak](<https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html>) for iPhones running iOS 11 to iOS 13.5 by exploiting a memory consumption issue in the kernel ([CVE-2020-9859](<https://support.apple.com/en-us/HT211214>)). But it was patched by Apple in a matter of days with the release of iOS 13.5.1 to prevent the vulnerability from being exploited maliciously.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-02T09:37:00", "type": "thn", "title": "New 'unc0ver' Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9859", "CVE-2021-1782"], "modified": "2021-03-03T06:24:33", "id": "THN:012D6A298BED906B54D36D175756D4A7", "href": "https://thehackernews.com/2021/03/new-unc0ver-tool-can-jailbreak-all.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:37:44", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEgK-WR62cxWkPDyTUVWOWBhQvaDyllfMH_d-kb4YaZHrOTeRHUOcnufFDFV9PrAu04GXgaq1c6APNcCTOQChhtNf8rUCHBZ-YpTjYDx-ryOiloSfPF_W5fDz3xSoCuQaHs3p1qOlUx4J38_nTtRw-9QUrKLN8v9YKNcJMNNVYT1GgMYd1fNYD3oP8y2>)\n\nMicrosoft on Monday disclosed details of a recently patched security vulnerability in Apple's macOS operating system that could be weaponized by a threat actor to expose users' personal information.\n\nTracked as CVE-2021-30970, the flaw concerns a logic issue in the Transparency, Consent and Control (TCC) security framework, which enables users to configure the privacy settings of their apps and provide access to protected files and app data. The [Security &amp; Privacy pane](<https://support.apple.com/en-ie/guide/mac-help/mchlf6d108da/mac>) in the macOS System Preferences app serves as the front end of TCC.\n\nMicrosoft 365 Defender Research Team, which reported the vulnerability to Apple on July 15, 2021, dubbed the flaw \"**powerdir**.\" Apple [addressed](<https://thehackernews.com/2021/12/latest-apple-ios-update-patches-remote.html>) the issue as part of macOS 11.6 and 12.1 updates released in December 2021 with improved state management.\n\nWhile Apple does enforce a policy that limits access to TCC to only apps with full disk access, it's possible to orchestrate an attack wherein a malicious application could work around its privacy preferences to retrieve sensitive information from the machine, potentially allowing an adversary to access microphone to record private conversations or capture screenshots of sensitive information displayed on the user's screen.\n\n\"We discovered that it is possible to programmatically change a target user's home directory and plant a fake TCC database, which stores the consent history of app requests,\" Jonathan Bar Or of Microsoft 365 Defender Research Team [said](<https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/>). \"If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user's protected personal data.\"\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEjjfrgh7suOG5Tu2OGmCDL7fyu4WfgKMb-41CAK5oVT_r8YkC1OxocnbLVKGEN1N24pionza2DTyKbVadGoPG7nBHPgFZvuCZ-gD26vnf4WVavho3uad8zAnuFIke65TKWKW9KB3FwHSzPyTNCJ7rQh374j0-pljst9_rUfwXMJsqlkC7KkcXuYaALf>)\n\nIn other words, if a bad actor gains full disk access to the TCC databases, the intruder could edit it to grant arbitrary permissions to any app of their choice, including their own, effectively permitting the app run with configurations previously not consented to.\n\nCVE-2021-30970 is also the third TCC-related bypass vulnerability to be discovered after [CVE-2020-9934](<https://nvd.nist.gov/vuln/detail/CVE-2020-9934>) and [CVE-2020-27937](<https://nvd.nist.gov/vuln/detail/CVE-2020-27937>), both of which have since been remediated by Apple. Then in May 2021, the company also patched a then zero-day flaw in the same component ([CVE-2021-30713](<https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html>)) that could allow an attacker to gain full disk access, screen recording, or other permissions without users' explicit consent.\n\n\"This shows that even as macOS or other operating systems and applications become more hardened with each release, software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them,\" Bar Or said.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-11T07:09:00", "type": "thn", "title": "Microsoft Details macOS Bug That Could Let Attackers Gain Access to User Data", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27937", "CVE-2020-9934", "CVE-2021-30713", "CVE-2021-30970"], "modified": "2022-01-11T10:41:00", "id": "THN:6D9C30F48BF06002190A9401A9E9AFC8", "href": "https://thehackernews.com/2022/01/microsoft-details-macos-bug-that-could.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:21", "description": "[](<https://thehackernews.com/images/-xmPJ5TMTpac/YO_wfpf1LkI/AAAAAAAADM4/xSKsZYAbLBYJjYvNQilqUM9z0lf0Rx7_gCLcBGAsYHQ/s0/chrome.jpg>)\n\nThreat intelligence researchers from Google on Wednesday [shed more light](<https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/>) on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.\n\nWhat's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks. The list of now-patched vulnerabilities is as follows -\n\n * [**CVE-2021-1879**](<https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html>): Use-After-Free in QuickTimePluginReplacement (Apple WebKit)\n * [**CVE-2021-21166**](<https://thehackernews.com/2021/03/new-chrome-0-day-bug-under-active.html>): Chrome Object Lifecycle Issue in Audio\n * [**CVE-2021-30551**](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>): Chrome Type Confusion in V8\n * [**CVE-2021-33742**](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>): Internet Explorer out-of-bounds write in MSHTML\n\nBoth Chrome zero-days \u2014 CVE-2021-21166 and CVE-2021-30551 \u2014 are believed to have been used by the same actor, and were delivered as one-time links sent via email to targets located in Armenia, with the links redirecting unsuspecting users to attacker-controlled domains that masqueraded as legitimate websites of interest to the recipients.\n\nThe malicious websites took charge of fingerprinting the devices, including collecting system information about the clients, before delivering a second-stage payload.\n\nWhen Google rolled out a patch for CVE-2021-30551, Shane Huntley, Director of Google's Threat Analysis Group (TAG), revealed that the vulnerability was leveraged by the same actor that abused CVE-2021-33742, an actively exploited remote code execution flaw in Windows MSHTML platform that was addressed by Microsoft as part of its [Patch Tuesday update](<https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html>) on June 8.\n\nThe two zero-days were provided by a commercial exploit broker to a nation-state adversary, which used them in limited attacks against targets in Eastern Europe and the Middle East, Huntley previously added.\n\n[](<https://thehackernews.com/images/--ol-CfJ3-bE/YO_tDkpfuNI/AAAAAAAADMw/bonGU0wpX_QzAsMNe5_Eh_0_Nb4OAma_QCLcBGAsYHQ/s0/zero-day.jpg>)\n\nNow according to a technical report published by the team, all the three zero-days were \"developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors,\" adding the Internet Explorer flaw was used in a campaign targeting Armenian users with malicious Office documents that loaded web content within the web browser.\n\nGoogle did not disclose the identities of the exploit broker or the two threat actors that used the vulnerabilities as part of their attacks.\n\n## SolarWinds Hackers Exploited iOS Zero-Day\n\nThe Safari zero-day, in contrast, concerned a WebKit flaw that could enable adversaries to process maliciously crafted web content that may result in universal cross-site scripting attacks. The issue was rectified by Apple on March 26, 2021.\n\nAttacks leveraging CVE-2021-1879, which Google attributed to a \"likely Russian government-backed actor,\" were executed by means of sending malicious links to government officials over LinkedIn that, when clicked from an iOS device, redirected the user to a rogue domain that served the next-stage payloads.\n\nIt's worth noting that the offensive also mirrors a [wave of targeted attacks](<https://thehackernews.com/2021/05/solarwinds-hackers-target-think-tanks.html>) unleashed by Russian hackers tracked as Nobelium, which was found abusing the vulnerability to strike government agencies, think tanks, consultants, and non-governmental organizations as part of an email phishing campaign.\n\nNobelium, a threat actor linked to the Russian Foreign Intelligence Service (SVR), is also suspected of orchestrating the [SolarWinds supply chain attack](<https://thehackernews.com/2020/12/us-agencies-and-fireeye-were-hacked.html>) late last year. It's known by other aliases such as APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).\n\n\"Halfway into 2021, there have been [33 zero-day exploits](<https://googleprojectzero.github.io/0days-in-the-wild/rca.html>) used in attacks that have been publicly disclosed this year \u2014 11 more than the total number from 2020,\" TAG researchers Maddie Stone and Clement Lecigne noted. \"While there is an increase in the number of zero-day exploits being used, we believe greater detection and disclosure efforts are also contributing to the upward trend.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-15T08:25:00", "type": "thn", "title": "Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879", "CVE-2021-21166", "CVE-2021-30551", "CVE-2021-33742"], "modified": "2021-07-15T12:45:33", "id": "THN:BBBFDA7EEE18F813A5DA572FD390D528", "href": "https://thehackernews.com/2021/07/google-details-ios-chrome-ie-zero-day.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2021-10-21T08:35:39", "description": "Apple has released a security update for iOS and iPad that addresses a critical vulnerability reportedly being exploited in the wild.\n\nThe update has been made available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).\n\n### The vulnerability\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). This one is listed as [CVE-2021-30883](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30883>) and allows an application to execute arbitrary code with kernel privileges. Kernel privileges can be achieved by using a memory corruption issue in the &quot;IOMobileFrameBuffer&quot; component.\n\nKernel privileges are a serious matter as they offer an attacker more than administrator privileges. In kernel mode, the executing code has complete and unrestricted access to the underlying hardware. It can execute any CPU instruction and reference any memory address. Kernel mode is generally reserved for the lowest-level, most trusted functions of the operating system.\n\nResearchers have already found that this vulnerability is exploitable from the browser, which makes it extra worrying.\n\n> We can confirm that the recently patched iOS 15.0.2 vulnerability, CVE-2021-30883, is also accessible from the browser: perfect for 1-click &amp; water-holing mobile attacks. This vulnerability is exploited in the wild. Update as soon as possible. <https://t.co/dhogxTM6pT>\n> \n> -- ZecOps (@ZecOps) [October 12, 2021](<https://twitter.com/ZecOps/status/1447804721771606016?ref_src=twsrc%5Etfw>)\n\nWatering holes are used as a highly targeted attack strategy. The attacker infects a website where they knows the intended victim(s) visits regularly. Depending on the nature of the infection, the attacker can single out their intended target(s) or just infect anyone that visits the site unprotected.\n\n### IOMobileFrameBuffer\n\nIOMobileFramebuffer is a kernel extension for managing the screen framebuffer. An earlier vulnerability in this extension, listed as [CVE-2021-30807](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807>) was tied to the [Pegasus spyware](<https://blog.malwarebytes.com/privacy-2/2021/07/pegasus-spyware-has-been-here-for-years-we-must-stop-ignoring-it/>). This vulnerability also allowed an application to execute arbitrary code with kernel privileges. Coincidence? Or did someone take the entire IOMobileFramebuffer extension apart and save up the vulnerabilities for a rainy day?\n\nAnother iPhone exploit called [FORCEDENTRY](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/latest-iphone-exploit-forcedenrty-used-to-launch-pegasus-attack-against-bahraini-activists/>) was found to be used against Bahraini activists to launch the Pegasus spyware. Researchers at Citizen Lab disclosed this vulnerability and code to Apple, and it was listed as CVE-2021-30860.\n\n### Undisclosed\n\nAs is usual for Apple, both the researcher that found the vulnerability and the circumstances under which the vulnerability used in the wild are kept secret. Apple didn&#x27;t respond to a query about whether the previously found bug was being exploited by NSO Group&#x27;s Pegasus surveillance software.\n\n### Zero-days for days\n\nOver the last months Apple has had to close quite a few zero-days in iOS, iPadOS,and macOS. Seventeen if I have counted correctly.\n\n * [CVE-2021-1782](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1782>) - iOS-kernel: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-1870](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870>) \u2013 WebKit: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-1871](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1871>) \u2013 WebKit: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-1879](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1879>) \u2013 WebKit: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30657>) \u2013 Gatekeeper: A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30661](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30661>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30663](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30663>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution.\n * [CVE-2021-30665](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30665>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30666](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30666>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30713](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30713>) \u2013 TCC: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30761](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30761>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30762](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30762>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-308](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807>)[0](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807>)[7](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807>) \u2013 IOMobileFrameBuffer: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Tied to Pegasus (see above).\n * [CVE-2021-30858](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30858>) \u2013 WebKit: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n * [CVE-2021-30860](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860>) \u2013 CoreGraphics: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. This is FORCEDENTRY (see above).\n * [CVE-2021-30869](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30869>) \u2013 XNU: A malicious application may be able to execute arbitrary code with kernel privileges. [Reportedly](<https://www.helpnetsecurity.com/2021/09/24/cve-2021-30869/>) being actively exploited by attackers in conjunction with a previously known WebKit vulnerability.\n\nAnd last but not least, the latest addition\u2014CVE-2021-30883\u2014which means that of the 17 zero-days that were fixed over the course of a handful of months, at least 16 were found to be actively exploited.\n\n### Update\n\nApple advises users to update to [iOS 15.0.2 and iPadOS 15.0.2](<https://support.apple.com/en-gb/HT212846>) which can be done through the automatic update function or iTunes.\n\nStay safe, everyone!\n\nThe post [Update now! Apple patches another privilege escalation bug in iOS and iPadOS](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/update-now-apple-patches-another-privilege-escalation-bug-in-ios-and-ipados/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-12T16:07:53", "type": "malwarebytes", "title": "Update now! Apple patches another privilege escalation bug in iOS and iPadOS", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-30869", "CVE-2021-30883"], "modified": "2021-10-12T16:07:53", "id": "MALWAREBYTES:11D4071979D3FC1E6028AA8D71EB87F4", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/update-now-apple-patches-another-privilege-escalation-bug-in-ios-and-ipados/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-15T16:31:38", "description": "Apple has fixed two vulnerabilities in Safari&#x27;s WebKit component, [announcing](<https://support.apple.com/en-us/HT212548>) it is aware of a report that they may have been actively exploited. Both vulnerabilities could be abused by maliciously crafted web content that could lead to arbitrary code execution: In other words, the bugs let rogue websites do things on your phone without your permission.\n\nLetting users of its products know that vulnerabilities are being actively exploited is a new approach for Apple. It has always been reluctant to provide much context in its security bulletins and only recently started adding information about whether vulnerabilities are being used in the wild.\n\n### WebKit\n\nWebKit is the web browser engine used by Safari, Mail, App Store, and many other apps on macOS, iOS, and Linux. The vulnerable WebKit version is available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). \n\nThis is the 9th actively-exploited zero-day patched by Apple this year. Seven of them were related to WebKit. One was a GateKeeper bypass, and the other a TCC bypass. Gatekeeper is designed to ensure that only trusted software runs on your Mac, and Apple\u2019s TCC protection is built to safeguard privacy.\n\n### CVEs\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. The two vulnerabilities that were reported to be abused in the wild are:\n\n * [CVE-2021-30761](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30761>): A memory corruption issue.\n * [CVE-2021-30762](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30762>): A use after free issue.\n\nBoth vulnerabilities have been submitted by an anonymous researcher. It is not known whether they were both submitted by the same researcher.\n\n### Memory corruption issue\n\nMemory corruption bugs occur when a program&#x27;s memory is modified in a way that was not anticipated by the programmers. When used by an attacker, a memory corruption bug can become a serious security vulnerability that might allow an attacker to leak sensitive information or execute arbitrary code. The generic term &quot;memory corruption&quot; is often used to describe the consequences of writing to memory outside the bounds of a buffer, or to memory addresses that are invalid.\n\n### Use after free\n\nUse-After-Free (UAF) is a vulnerability related to incorrect use of dynamic memory during program operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.\n\n### Apple\n\nAs is customary, Apple did not provide details on the zero-day attacks, which appear to be aimed at a range of older models of iPhones. It\u2019s remarkable that Apple disclosed that these vulnerabilities are being used in the wild as this has not been its habit until recently.\n\n> \u201cFor our customers&#x27; protection, Apple doesn&#x27;t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\u201d\n\nWaiting to disclose issues until a patch is available certainly makes sense, but keeping under wraps how serious an issue is, is a different case. Whether this new habit of letting customers know that vulnerabilities are actively being abused is here to stay remains unknown, but it brings Apple more inline with industry norms. From our perspective it is progress. Not in the least because it gives users a perspective into the urgency of getting the necessary patches.\n\nStay safe, everyone!\n\nThe post [Patch now! Apple fixes in-the-wild iPhone vulnerabilities](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/06/patch-now-apple-fixes-in-the-wild-iphone-vulnerabilities/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2021-06-15T14:35:37", "type": "malwarebytes", "title": "Patch now! Apple fixes in-the-wild iPhone vulnerabilities", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-30761", "CVE-2021-30762"], "modified": "2021-06-15T14:35:37", "id": "MALWAREBYTES:D9516FC71F8DBF10DCC510845A7FBC9E", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/06/patch-now-apple-fixes-in-the-wild-iphone-vulnerabilities/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-10-12T14:54:18", "description": "The start of fall 2021 saw the fourth [Objective by the Sea (OBTS)](<https://objectivebythesea.com>) security conference, which is the only security conference to focus exclusively on Apple&#x27;s ecosystem. As such, it draws many of the top minds in the field. This year, those minds, having been starved of a good security conference for so long, were primed and ready to share all kinds of good information.\n\nConferences like this are important for understanding how attackers and their methods are evolving. Like all operating systems, macOS presents a moving target to attackers as it acquires new features and new forms of protection over time.\n\nOBTS was a great opportunity to see how attacks against macOS are evolving. Here&#x27;s what I learned.\n\n### Transparency, Consent, and Control bypasses\n\nTransparency, Consent, and Control (TCC) is a system for requiring user consent to access certain data, via prompts confirming that the user is okay with an app accessing that data. For example, if an app wants to access something like your contacts or files in your Documents folder on a modern version of macOS, you will be asked to allow it before the app can see that data.\n\nA TCC prompt asking the user to allow access to the Downloads folder\n\nIn recent years, Apple has been ratcheting down the power of the root user. Once upon a time, root was like God\u2014it was the one and only user that could do everything on the system. It could create or destroy, and could see all. This hasn&#x27;t been the case for years, with things like System Integrity Protection (SIP) and the read-only signed system volume preventing even the root user from changing files across a wide swath of the hard drive.\n\nTCC has been making inroads in further reducing the power of root over users&#x27; data. If an app has root access, it still cannot even _see_\u2014much less modify\u2014a lot of the data in your user folder without your explicit consent.\n\nThis can cause some problems. For example, antivirus software such as Malwarebytes needs to be able to see everything it can in order to best protect you. But even though some Malwarebytes processes are running with root permissions, they still can&#x27;t see some files. Thus, apps like this often have to require the user to give a special permission called Full Disk Access (FDA). Without FDA, Malwarebytes and other security apps can&#x27;t fully protect you, but only you can give that access.\n\nThis is generally a good thing, as it puts you in control of access to your data. Malware often wants access to your sensitive data, either to steal it or to encrypt it and demand a ransom. TCC means that malware can&#x27;t automatically gain access to your data if it gets onto your system, and may be a part of the reason why we just don&#x27;t see ransomware on macOS.\n\nTCC is a bit of a pain for us, and a common point of difficulty for users of our software, but it does mean that we can&#x27;t get access to some of your most sensitive files without your knowledge. This is assuming, of course, that you understood the FDA prompts and what you were agreeing to, which is debatable. Apple&#x27;s current process for assigning FDA doesn&#x27;t make that clear, and leaves it up to the app asking for FDA to explain the consequences. This makes tricking a user into giving access to something they shouldn&#x27;t pretty easy.\n\nHowever, social engineering isn&#x27;t the only danger. Many researchers presenting at this year&#x27;s conference talked about bugs that allowed them to get around the Transparency, Consent, and Control (TCC) system in macOS, _without getting user consent_.\n\nAndy Grant ([@andywgrant](<https://twitter.com/andywgrant>)) presented a vulnerability in which a remote attacker with root permissions can grant a malicious process whatever TCC permissions is desired. This process involving creating a new user on the system, then using that user to grant the permissions.\n\nCsaba Fitzl ([@theevilbit](<https://twitter.com/theevilbit>)) gave a talk on a &quot;Mount(ain) of Bugs,&quot; in which he discussed another vulnerability involving mount points for disk image files. Normally, when you connect an external drive or double-click a disk image file, the volume is &quot;mounted&quot; (in other words, made available for access) within the `/Volumes` directory. In other words, if you connect a drive named &quot;backup&quot;, it would become accessible on the system at `/Volumes/backup`. This is the disk&#x27;s &quot;mount point.&quot;\n\nTitle slide of Csaba Fitzl&#x27;s &quot;Mount(ain) of Bugs&quot; talk\n\nCsaba was able to create a disk image file containing a custom TCC.db file. This file is a database that controls the TCC permissions that the user has granted to apps. Normally, the TCC.db file is readable, but cannot be modified by anything other than the system. However, by mounting this disk image while also setting the mount point to the path of the folder containing the TCC.db file, he was able to trick the system into accepting his arbitrary TCC.db file as if it were the real one, allowing him to change TCC permissions however he desired.\n\nThere were other TCC bypasses mentioned as well, but perhaps the most disturbing is the fact that there&#x27;s a fairly significant amount of highly sensitive data that is not protected by TCC at all. Any malware can collect that data without difficulty.\n\nWhat is this data, you ask? One example is the `.ssh` folder in the user&#x27;s home folder. SSH is a program used for securely gaining command line access to a remote Mac, Linux, or other Unix system, and the `.ssh` folder is the location where certificates used to authenticate the connection are stored. This makes the data in that folder a high-value target for an attacker looking to move laterally within an organization.\n\nThere are other similar folders in the same location that can contain credentials for other services, such as AWS or Azure, which are similarly wide open. Also unprotected are the folders where data is stored for any browser other than Safari, which can include credentials if you use a browser&#x27;s built-in password manager.\n\nNow, admittedly, there could be some technical challenges to protecting some or all of this data under the umbrella of TCC. However, the average IT admin is probably more concerned about SSH keys or other credentials being harvested than in an attacker being able to peek inside your Downloads folder.\n\n### Attackers are doing interesting things with installers\n\nInstallers are, of course, important for malware to get installed on a system. Often, users must be tricked into opening something in order to infect their machine. There are a variety of techniques attackers can use that were discussed.\n\nOne common method for doing this is to use Apple installer packages (.pkg files), but this is not particularly stealthy. Knowledgeable and cautious folks may choose to examine the installer package, as well as the `preinstall` and `postinstall` scripts (designed to run exactly when you&#x27;d expect by the names), to make sure nothing untoward is going on.\n\nHowever, citing an example used in the recent Silver Sparrow malware, Tony Lambert ([@ForensicITGuy](<https://twitter.com/ForensicITGuy>)) discussed a sneaky method for getting malware installed: The oft overlooked `Distribution` file.\n\nThe `Distribution` file is found inside Apple installer packages, and is meant to convey information and options for the installer. However, JavaScript code can also be inserted in this file, to be run at the beginning of the installation, meant to be used to determine if the system meets the requirements for the software being installed.\n\nIn the case of Silver Sparrow, however, the installer used this script to download and install the malware covertly. If you clicked Continue in the dialog shown below, you&#x27;d be infected even if you then opted not to continue with the installation.\n\nClick Continue to install malware\n\nAnother interesting trick Tony discussed was the use of payload-free installers. These are installers that actually don&#x27;t contain any files to be installed, and are really just a wrapper for a script that does all the installation (likely via the `preinstall` script, but also potentially via `Distribution`).\n\nNormal installer scripts will leave behind a &quot;receipt,&quot; which is a file containing a record of when the installation happened and what was installed where. However, installers that lack an official payload, and that download everything via scripts, do not leave behind such a receipt. This means that an IT admin or security researcher would be missing key information that could reveal when and where malware had been installed.\n\nChris Ross ([@xorrior](<https://twitter.com/xorrior>)) discussed some of these same techniques, but also delved into installer plugins. These plugins are used within installer packages to create custom &quot;panes&quot; in the installer. (Most installers go through a specific series of steps prescribed by Apple, but some developers add additional steps via custom code.)\n\nThese installer plugins are written in Objective-C, rather than scripting languages, and therefore can be more powerful. Best of all, these plugins are very infrequently used, and thus are likely to be overlooked by many security researchers. Yet Chris was able to demonstrate techniques that could be used by such a plugin to drop a malicious payload on the system.\n\nYet another issue was presented in Cedric Owens&#x27; ([@cedowens](<https://twitter.com/cedowens>)) talk. Although not related to an installer package (.pkg file), a vulnerability in macOS ([CVE-2021-30657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30657>)) could allow a Mac app to entirely bypass Gatekeeper, which is the core of many of Apple&#x27;s security features.\n\nOn macOS, any time you open an app downloaded from the Internet, you should at a minimum see a warning telling you that you&#x27;re opening an app (in case it was something masquerading as a Word document, or something similar). If there&#x27;s anything wrong with the app, Gatekeeper can go one step further and prevent you from opening it at all.\n\nBy constructing an app that was missing some of the specific components usually considered essential, an attacker could create an app that was fully functional, but that would not trigger any warnings when launched. (Some variants of the Shlayer adware have been seen using this technique.)\n\nThe post [Inside Apple: How macOS attacks are evolving](<https://blog.malwarebytes.com/malwarebytes-news/2021/10/inside-apple-how-macos-attacks-are-evolving/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2021-10-12T12:52:23", "type": "malwarebytes", "title": "Inside Apple: How macOS attacks are evolving", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-30657"], "modified": "2021-10-12T12:52:23", "id": "MALWAREBYTES:F17E033D182A0D3753BC7398874F60EE", "href": "https://blog.malwarebytes.com/malwarebytes-news/2021/10/inside-apple-how-macos-attacks-are-evolving/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-05-28T18:16:34", "description": "Nobelium is a synthetic chemical element with the symbol No and atomic number 102. It is named in honor of Alfred Nobel. But it is also the name given to the threat actor that is behind the attacks against [SolarWinds](<https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/>), the [Sunburst](<https://blog.malwarebytes.com/detections/backdoor-sunburst/>)[ backdoor](<https://blog.malwarebytes.com/detections/backdoor-sunburst/>), TEARDROP malware, GoldMax malware, other [related components](<https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/>).\n\nMicrosoft Threat Intelligence Center (MSTIC) has issued a warning stating that it has uncovered a wide-scale malicious email campaign operated by NOBELIUM. In this campaign NOBELIUM leveraged the legitimate mass-mailing service Constant Contact. This allowed the threat actor to masquerade as a US-based development organization to distribute malicious URLs to a wide variety of organizations and industry verticals.\n\n### The campaign\n\nThis new wide-scale email campaign leverages the legitimate service Constant Contact to send malicious links that are disguised since they are obscured behind the mailing service\u2019s URL. Many similar services use this type of mechanism to simplify the sharing of files while providing insights into by who and when links are clicked.\n\n### Finding the most effective delivery method\n\nThe early beginnings of these campaigns were first noticed January 28, 2021, when the actor was seemingly performing early reconnaissance by only sending the tracking portion of the email, leveraging [Firebase](<https://firebase.google.com/>) URLs to record targets who clicked. Malicious payloads were not observed during this early activity.\n\nIn the next evolution of the campaign, MSTIC says it observed NOBELIUM attempting to compromise systems through an HTML file attached to a spear-phishing email. If a receiver opened the HTML attachment, embedded JavaScript code in the HTML wrote an ISO file to disc and encouraged the target to open it.\n\nSimilar spear-phishing campaigns were detected throughout March, which included the NOBELIUM actor making several alterations to the HTML document based on the intended target. MSTIC says it observed the actor encoding the ISO within the HTML document itself; redirecting from the HTML document to an ISO, which contained an RTF document, with the malicious Cobalt Strike Beacon DLL encoded within it; and replacing the HTML with a URL that led to a website that spoofed the targeted organization and hosted the ISO file.\n\n### The ISO payload\n\nAs we noted above, the payload is delivered via an ISO file. When ISO files are opened they are mounted much like an external or network drive. Threat actors may deploy a container into an environment to facilitate execution or evade defenses. And sometimes they will deploy a new container to execute processes associated with a particular image or deployment, such as processes that execute or download malware. In others, a threat actor may deploy a new container configured without network rules, user limitations, etc. to bypass existing defenses within the environment. In this case, a shortcut file (`.lnk`) would execute an accompanying DLL, which would result in a Cobalt Strike Beacon executing on the host. It is worth noting that the DLL is a hidden file. Cobalt Strike Beacons call out to the attacker&#x27;s infrastructure via port 443.\n\n### Experimenting with the payload\n\nThe delivery method was not the only evolving factor in the campaign. In one of the more targeted waves, no ISO payload was delivered, but additional profiling of the target device was performed by an actor-controlled web server after a user clicked the link. If the device targeted was an Apple iOS device, the user was redirected to another server under NOBELIUM control, where the since-patched zero-day exploit for [CVE-2021-1879](<https://nvd.nist.gov/vuln/detail/CVE-2021-1879>) was served.\n\nDuring the waves in April, the threat actor stopped using Firebase, and no longer tracked users. Their techniques shifted to encoding the ISO inside the HTML document. Target host details were now stored by the payload on a remote server via the use of the `api.ipify.org` service. The threat actor would sometimes employ checks for specific internal Active Directory domains that would terminate execution of the malicious process if it identified an unintended environment.\n\n### The latest surge\n\nOn May 25, the NOBELIUM campaign was noticed to escalate significantly, attempting to target around 3,000 individual accounts across more than 150 organizations. Due to the high volume of emails distributed in this campaign, many automated email threat detection systems blocked most of the malicious emails and marked them as spam. However, some automated threat detection systems may have successfully delivered some of the earlier emails to recipients either due to configuration and policy settings or prior to detections being in place.\n\n### The goal\n\nThe successful deployment of the payload enables NOBELIUM to gain persistent access to the compromised machines. The successful execution of these malicious payloads would also enable NOBELIUM to conduct further malicious activity, such as lateral movement, data exfiltration, and delivery of additional malware.\n\n### Indiciators of compromise (IOCs)\n\nIn its [warning](<https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/>), MSTIC provides a list of indicators of compromise from the large-scale campaign that launched on May 25, 2021. The organization notes that the attack is still active, these indicators should not be considered exhaustive for this observed activity.\n\nMalwarebytes detected the Cobalt Strike payload prior to the attack\n\nMalwarebytes also blocks the domain theyardservice.com\n\nStay safe, everyone!\n\nThe post [SolarWinds attackers launch new campaign](<https://blog.malwarebytes.com/threat-analysis/2021/05/solarwinds-attackers-launch-new-campaign/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-05-28T14:24:01", "type": "malwarebytes", "title": "SolarWinds attackers launch new campaign", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-05-28T14:24:01", "id": "MALWAREBYTES:D94336E4CB7536CC9CECC8C6FF696A77", "href": "https://blog.malwarebytes.com/threat-analysis/2021/05/solarwinds-attackers-launch-new-campaign/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-27T23:27:10", "description": "Apple has released patches for iOS 15.3, iPadOS 15.3, and macOS Monterey 12.2 and is urging users to update. The most significant reasons are two actively exploited zero-day vulnerabilities, one of which has a publicly disclosed Proof-of-Concept (PoC).\n\nUsing this vulnerability, designated [CVE-2022-22587](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22587>), a malicious app could execute random code with kernel privileges.\n\n## Why did it take so long\n\nThe zero-day appears to have been found and reported by at least two researchers independently of each other. Apple acknowledged an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition \u2013 Mercedes-Benz Innovation Lab, and Siddharth Aeri (@b1n4r1b01) for having reported this flaw.\n\nThe two researchers both stated that it took a long time for this bug to be acknowledged and fixed. One of them posted a Proof-of-Concept (PoC) on January 1st.\n\n> while my californian friends are still waiting for 2022 how about a kernel oob read that works on the latest iOS 15.2  <https://t.co/qo0WLLsQIV> <https://t.co/HZA0y5Sghi>\n> \n> -- binaryboy (@b1n4r1b01) [January 1, 2022](<https://twitter.com/b1n4r1b01/status/1477172028524355585?ref_src=twsrc%5Etfw>)\n\nThe other researcher reported the issue through the Zero-Day-Initiative (ZDI) three months ago, waited for two months and then decided to report to Apple directly.\n\n> I reported this vulnerability to [@thezdi](<https://twitter.com/thezdi?ref_src=twsrc%5Etfw>) about 3 months ago and unfortunately they didn\u2019t answer me for like 2 months, then i canceled my report and sent it to apple directly. And we see it had been exploited in the wild. <https://t.co/RjnjiY4esr>\n> \n> -- Meysam Firouzi (@R00tkitSMM) [January 26, 2022](<https://twitter.com/R00tkitSMM/status/1486477431431065601?ref_src=twsrc%5Etfw>)\n\nThe Zero Day Initiative (ZDI) was created to encourage the reporting of zero-day vulnerabilities privately to the affected vendors by financially rewarding researchers, although there has been some complaints from researchers that they didn&#x27;t feel they were taken seriously by the ZDI.\n\n## IOMobileFrameBuffer\n\nCVE-2022-22587 is a memory corruption bug in the IOMobileFrameBuffer that affects iOS, iPadOS, and macOS Monterey. IOMobileFrameBuffer is a kernel extension for managing the screen FrameBuffer. An earlier vulnerability in this extension, listed as [CVE-2021-30807](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807>), was tied to the [Pegasus spyware](<https://blog.malwarebytes.com/privacy-2/2021/07/pegasus-spyware-has-been-here-for-years-we-must-stop-ignoring-it/>). Another one was listed as [CVE-2021-30883](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30883>) and also allowed an application to execute arbitrary code with kernel privileges. We hope that the input validation has now been curated to makes this impossible in the future.\n\n## Actively exploited\n\nApple [acknowledged](<https://support.apple.com/en-us/HT213053>) that it was aware of a report that this issue may have been actively exploited.\n\n## Safari Webkit bug\n\nThe second zero-day is the Safari WebKit bug in iOS and iPadOS that [allowed websites to track your browsing activity and users&#x27; identities](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/01/browsers-on-ios-ipados-and-mac-leak-your-browsing-activity-and-personal-identifiers/>) in real-time. After a researcher of FingerprintJS disclosed the bug in November, it was assigned the [CVE-2022-22594](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22594>) and has been fixed.\n\n## Updates\n\niOS 15.3 and iPadOS 15.3 fixes a total of ten security bugs. The updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).\n\n\n\nmacOS Monterey 12.2 patches a total of 13 vulnerabilities in total. The latter also promises to bring smoother scrolling to MacBooks, fixing a previously reported scrolling issue in Safari.\n\nApple also released security fixes for legacy versions of macOS Big Sur and Catalina.\n\nStay safe, everyone!\n\nThe post [Update now! Apple patches another actively used zero-day](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/01/update-now-apple-patches-another-actively-used-zero-day/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-01-27T21:56:12", "type": "malwarebytes", "title": "Update now! Apple patches another actively used zero-day", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30807", "CVE-2021-30883", "CVE-2022-22587", "CVE-2022-22594"], "modified": "2022-01-27T21:56:12", "id": "MALWAREBYTES:C265FF6D1D82CDE3FB6E6C1E4248A791", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/01/update-now-apple-patches-another-actively-used-zero-day/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2021-10-21T08:40:06", "description": "Apple recently released iOS and iPadOS [15.0.2](<https://support.apple.com/en-us/HT212846>) as an emergency security update that addresses 1 critical zero-day vulnerabilities, which is exploited in wild. Qualys recommends that security teams should immediately update all devices running iOS and iPadOS to the latest version. &quot;_Apple is aware of a report that this issue may have been actively exploited_,&quot; the company said in [security advisories](<https://support.apple.com/en-us/HT212846>).\n\nThis year, Apple has released multiple emergency releases to fix the actively exploited vulnerabilities which _Apple is aware of a report that this issue may have been actively exploited_. Successful exploitation of the vulnerability allows an application to execute arbitrary code with kernel privileges, and spyware like [Pegasus](<https://blog.qualys.com/vulnerabilities-threat-research/2021/07/23/protect-your-devices-from-pegasus-spyware-using-vmdr-for-mobile-devices-proactive-approach>) can be easily deployed on affect devices, and exploiting other vulnerabilities, it will get access to a device.\n\nFollowing are the recent exploits and respective iOS and iPadOS versions in which they have been fixed by Apple since Jan 2021:\n\nCVE-2021-1870, CVE-2021-1871, CVE-2021-1782 \u2013 Fixed in [iOS and iPadOS 14.4](<https://support.apple.com/en-us/HT212146>)\n\nCVE-2021-1879 \u2013 Fixed in [iOS and iPadOS 14.4.2](<https://support.apple.com/en-us/HT212256>)\n\n[CVE-2021-30661](<https://blog.qualys.com/product-tech/2021/04/28/ios-and-ipados-14-5-security-update-vulnerabilities-discover-and-take-remote-response-action-using-vmdr-for-mobile-devices>) \u2013 Fixed in [iOS and iPadOS 14.5](<https://support.apple.com/en-us/HT212317>)\n\nCVE-2021-30665, CVE-2021-30663, CVE-2021-30666, CVE-2021-30661 \u2013 Fixed in [iOS and iPadOS 14.5.1](<https://support.apple.com/en-us/HT212336>) and [iOS 12.5.3](<https://support.apple.com/en-us/HT212341>)\n\nCVE-2021-30761, CVE-2021-30762 \u2013 Fixed in [iOS 12.5.4](<https://support.apple.com/en-us/HT212548>)\n\n[CVE-2021-30807](<https://blog.qualys.com/vulnerabilities-threat-research/2021/07/28/ios-and-ipados-14-7-and-14-7-1-security-update-discover-vulnerabilities-and-take-remote-response-action-using-vmdr-for-mobile-devices>) \u2013 Fixed in [iOS and iPadOS 14.7.1](<https://support.apple.com/en-us/HT212623>)\n\n[CVE-2021-30860, CVE-2021-30858, CVE-2021-30869](<https://blog.qualys.com/vulnerabilities-threat-research/2021/09/20/detect-prioritize-nso-pegasus-iphone-spyware-vulnerabilities-using-vmdr-for-mobile-devices>) \u2013 Fixed in [iOS and iPadOS 14.8](<https://support.apple.com/en-us/HT212807>) and [iOS 12.5.5](<https://support.apple.com/en-us/HT212824>)\n\n### Integer Overflow Vulnerability\n\nApple released a patch to fix integer overflow critical vulnerability (CVE-2021-30883). This vulnerability has a CVSSv3.1 base score of 8.8 and should be prioritized for patching as successful exploitation of the vulnerability allows a malicious application to execute arbitrary code with kernel privileges. It affects the iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\n### Discover Vulnerabilities and Take Remote Response Action Using VMDR for Mobile Devices\n\n#### Discover Assets Missing the Latest iOS Security Update\n\nThe first step in managing these critical vulnerabilities and reducing risk is to identify the assets. [Qualys VMDR for Mobile Devices](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices/>) makes it easy to identify the iOS and iPadOS assets not updated to the latest version iOS and iPadOS 15.0.2. To get the comprehensive visibility of the mobile devices, you need to install [Qualys Cloud Agent](<https://www.qualys.com/cloud-agent/>) for Android or iOS/iPadOS on all mobile devices. The device onboarding process is easy, and the inventory of mobile devices is free.\n\nQuery: vulnerabilities.vulnerability.title:&quot;iOS 15.0.2\u2033\n\n\n\nOnce you get the list of assets missing the latest security patch, navigate to the Vulnerability tab. Enter the vulnerabilities.vulnerability.title:&quot;iOS 15.0.2\u2033 and apply the Group By \u201cVulnerabilities\u201d to get the list of the CVEs that Apple fixes in iOS and iPadOS 15.0.2 release. Qualys VMDR helps you understand what kind of risk you are taking by allowing the unpatched device to hold corporate data and connect to your corporate network.\n\n\n\nAlso, you can apply the Group By \u201cCVE Ids\u201d to get only the list of CVEs fixed by Apple in iOS and iPadOS 15.0.2 release.\n\n\n\nQID 610371 is available in signature version SEM VULNSIGS-1.0.0.48, and there is no dependency on any specific Qualys Cloud Agent version.\n\nWith the VMDR for Mobile Devices dashboard, you can track the status of the assets on which the latest security patch and update is missing. The dashboard will be updated with the latest data collected by Qualys Cloud Agent for Android and iOS devices.\n\n\n\n### Remote Response Action\n\nYou can perform the \u201cSend Message\u201d action to inform the end-user to update the devices to the latest OS version. Also, you may provide step-by-step details to update the security patch.\n\nWe recommend updating to the latest iOS and iPadOS version for the assets where vulnerabilities are detected as \u201cConfirmed\u201d.\n\n\n\n### Get Started Now\n\n[Qualys VMDR for Mobile Devices](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices/>) is available free for 30 days to help customers detect vulnerabilities, monitor critical device settings, and correlate updates with the correct app versions available on Google Play Store. You can try our solution by [registering for the free 30-day service](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-18T07:41:18", "type": "qualysblog", "title": "Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-30869", "CVE-2021-30883"], "modified": "2021-10-18T07:41:18", "id": "QUALYSBLOG:5101CC734C1A900451E5994AFF57209A", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-09T06:36:02", "description": "[Start your VMDR 30-day, no-cost trial today](<https://www.qualys.com/forms/vmdr/>)\n\n## Overview\n\nOn November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>), &quot;Reducing the Significant Risk of Known Exploited Vulnerabilities.&quot; [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires agencies to review and update agency internal vulnerability management procedures within 60 days according to this directive and remediate each vulnerability according to the timelines outlined in &#x27;CISA&#x27;s vulnerability catalog.\n\nQualys helps customers to identify and assess risk to organizations&#x27; digital infrastructure and automate remediation. Qualys&#x27; guidance for rapid response to Operational Directive is below.\n\n## Directive Scope\n\nThis directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency&#x27;s behalf.\n\nHowever, CISA strongly recommends that private businesses and state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA&#x27;s public catalog.\n\n## CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [291 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. The Qualys Research team has mapped all these CVEs to applicable QIDs. You can view the complete list of CVEs and the corresponding QIDs [here](<https://success.qualys.com/discussions/s/article/000006791>).\n\n### Not all vulnerabilities are created equal\n\nOur quick review of the 291 CVEs posted by CISA suggests that not all vulnerabilities hold the same priority. CISA has ordered U.S. federal enterprises to apply patches as soon as possible. The remediation guidance can be grouped into three distinct categories:\n\n#### Category 1 \u2013 Past Due\n\nRemediation of 15 CVEs (~5%) are already past due. These vulnerabilities include some of the most significant exploits in the recent past, including PrintNightmare, SigRed, ZeroLogon, and vulnerabilities in CryptoAPI, Pulse Secure, and more. Qualys Patch Management can help you remediate most of these vulnerabilities.\n\n#### Category 2 \u2013 Patch in less than two weeks\n\n100 (34%) Vulnerabilities need to be patched in the next two weeks, or by **November 17, 2022**.\n\n#### Category 3 \u2013 Patch within six months\n\nThe remaining 176 vulnerabilities (60%) must be patched within the next six months or by **May 3, 2022**.\n\n## Detect CISA&#x27;s Vulnerabilities Using Qualys VMDR\n\nThe Qualys Research team has released several remote and authenticated detections (QIDs) for the vulnerabilities. Since the directive includes 291 CVEs, we recommend executing your search based on vulnerability criticality, release date, or other categories.\n\nFor example, to detect critical CVEs released in 2021:\n\n_vulnerabilities.vulnerability.criticality:CRITICAL and vulnerabilities.vulnerability.cveIds:[ `CVE-2021-1497`,`CVE-2021-1498`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-1782`,`CVE-2021-1870`,`CVE-2021-1871`,`CVE-2021-1879`,`CVE-2021-1905`,`CVE-2021-1906`,`CVE-2021-20016`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-21972`,`CVE-2021-21985`,`CVE-2021-22005`,`CVE-2021-22205`,`CVE-2021-22502`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-22986`,`CVE-2021-26084`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-27101`,`CVE-2021-27102`,`CVE-2021-27103`,`CVE-2021-27104`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-28663`,`CVE-2021-28664`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-30657`,`CVE-2021-30661`,`CVE-2021-30663`,`CVE-2021-30665`,`CVE-2021-30666`,`CVE-2021-30713`,`CVE-2021-30761`,`CVE-2021-30762`,`CVE-2021-30807`,`CVE-2021-30858`,`CVE-2021-30860`,`CVE-2021-30860`,`CVE-2021-30869`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40444`,`CVE-2021-40539`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42258` ]_\n\n\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using the VMDR Prioritization report.\n\n\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this vulnerability.\n\n\n\nWith Qualys Unified Dashboard, you can track your exposure to the CISA Known Exploited Vulnerabilities and gather your status and overall management in real-time. With trending enabled for dashboard widgets, you can keep track of the status of the vulnerabilities in your environment using the [&quot;CISA 2010-21| KNOWN EXPLOITED VULNERABILITIES&quot;](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard:\n\n\n\n### Summary Dashboard High Level Structured by Vendor:\n\n\n\n## Remediation\n\nTo comply with this directive, federal agencies must remediate most &quot;Category 2&quot; vulnerabilities by **November 17, 2021**, and &quot;Category 3&quot; by May 3, 2021. Qualys Patch Management can help streamline the remediation of many of these vulnerabilities.\n\nCustomers can copy the following query into the Patch Management app to help customers comply with the directive&#x27;s aggressive remediation date of November 17, 2021. Running this query will find all required patches and allow quick and efficient deployment of those missing patches to all assets directly from within the Qualys Cloud Platform.\n\ncve:[`CVE-2021-1497`,`CVE-2021-1498`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-1782`,`CVE-2021-1870`,`CVE-2021-1871`,`CVE-2021-1879`,`CVE-2021-1905`,`CVE-2021-1906`,`CVE-2021-20016`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-21972`,`CVE-2021-21985`,`CVE-2021-22005`,`CVE-2021-22205`,`CVE-2021-22502`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-22986`,`CVE-2021-26084`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-27101`,`CVE-2021-27102`,`CVE-2021-27103`,`CVE-2021-27104`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-28663`,`CVE-2021-28664`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-30657`,`CVE-2021-30661`,`CVE-2021-30663`,`CVE-2021-30665`,`CVE-2021-30666`,`CVE-2021-30713`,`CVE-2021-30761`,`CVE-2021-30762`,`CVE-2021-30807`,`CVE-2021-30858`,`CVE-2021-30860`,`CVE-2021-30860`,`CVE-2021-30869`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40444`,`CVE-2021-40539`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42258` ]\n\n\n\nQualys patch content covers many Microsoft, Linux, and third-party applications; however, some of the vulnerabilities introduced by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. The flexibility to customize patch deployment allows customers to patch the remaining CVEs in this list.\n\nNote that the due date for \u201cCategory 1\u201d patches has already passed. To find missing patches in your environment for \u201cCategory 1\u201d past due CVEs, copy the following query into the Patch Management app:\n\ncve:[&#x27;CVE-2021-1732\u2032,&#x27;CVE-2020-1350\u2032,&#x27;CVE-2020-1472\u2032,&#x27;CVE-2021-26855\u2032,&#x27;CVE-2021-26858\u2032,&#x27;CVE-2021-27065\u2032,&#x27;CVE-2020-0601\u2032,&#x27;CVE-2021-26857\u2032,&#x27;CVE-2021-22893\u2032,&#x27;CVE-2020-8243\u2032,&#x27;CVE-2021-22900\u2032,&#x27;CVE-2021-22894\u2032,&#x27;CVE-2020-8260\u2032,&#x27;CVE-2021-22899\u2032,&#x27;CVE-2019-11510&#x27;]\n\n\n\n## Federal Enterprises and Agencies Can Act Now\n\nFor federal enterprises and agencies, it&#x27;s a race against time to remediate these vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>).\n\nHere are a few steps Federal enterprises can take immediately:\n\n * Run vulnerability assessments against all your assets by leveraging various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Patch Management to apply patches and other configurations changes\n * Track remediation progress through Unified Dashboards\n\n## Summary\n\nUnderstanding vulnerabilities is a critical but partial part of threat mitigation. Qualys VMDR helps customers discover, assess threats, assign risk, and remediate threats in one solution. Qualys customers rely on the accuracy of Qualys&#x27; threat intelligence to protect their digital environments and stay current with patch guidance. Using Qualys VMDR can help any organization efficiently respond to the CISA directive.\n\n## Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-11-09T06:15:01", "type": "qualysblog", "title": "Qualys Response to CISA Alert: Binding Operational Directive 22-01", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510", "CVE-2020-0601", "CVE-2020-1350", "CVE-2020-1472", "CVE-2020-8243", "CVE-2020-8260", "CVE-2021-1497", "CVE-2021-1498", "CVE-2021-1647", "CVE-2021-1675", "CVE-2021-1732", "CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-1905", "CVE-2021-1906", "CVE-2021-20016", "CVE-2021-21017", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-21972", "CVE-2021-21985", "CVE-2021-22005", "CVE-2021-22205", "CVE-2021-22502", "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-22986", "CVE-2021-26084", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27059", "CVE-2021-27065", "CVE-2021-27085", "CVE-2021-27101", "CVE-2021-27102", "CVE-2021-27103", "CVE-2021-27104", "CVE-2021-28310", "CVE-2021-28550", "CVE-2021-28663", "CVE-2021-28664", "CVE-2021-30116", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-30869", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31207", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31979", "CVE-2021-33739", "CVE-2021-33742", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35211", "CVE-2021-36741", "CVE-2021-36742", "CVE-2021-36942", "CVE-2021-36948", "CVE-2021-36955", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40444", "CVE-2021-40539", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-42258"], "modified": "2021-11-09T06:15:01", "id": "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:34:25", "description": "Pegasus spyware is in the news, and it has been used to target devices of critical people from different sectors and countries including journalists, activists, politicians, and business executives. It has been said that a [leaked list of 50,000](<https://techcrunch.com/2021/07/19/toolkit-nso-pegasus-iphone-android/>) phone numbers of potential surveillance targets was obtained by Paris-based journalism nonprofit Forbidden Stories and Amnesty International.\n\nPegasus spyware is a surveillance software created by Israeli cyber intelligence firm NSO Group. Pegasus is one such software developed to gain access to your phone without consent and gather personal and sensitive information and deliver it to the user spying on you.\n\n### Attack Vectors and Impact of Pegasus Spyware\n\nThe first version of the spyware was detected in 2016 and used spear-phishing to infect a smartphone. It now adopts a different and more sophisticated approach for reaching new targets. It can infect a device using the &quot;[zero-click](<https://www.aljazeera.com/news/2020/12/21/al-jazeera-journalists-hacked-by-spyware-sold-by-israeli-firm>)&quot; attack done by exploiting the vulnerabilities present on the victim device. The &quot;zero-click&quot; attack happened earlier in December 2020 using iMessage vulnerabilities. Also, in [2019](<https://www.ft.com/content/4da1117e-756c-11e9-be7d-6d846537acab>) using the WhatsApp vulnerabilities.\n\nThe attack vectors for the Pegasus spyware are the vulnerabilities present on the devices: OS-level message (SMS) or iMessage app, WhatsApp, or other vulnerabilities that can be exploited.\n\nOnce Pegasus spyware is installed on the device, it can effectively monitor any activity you perform on it. This includes reading or copying your messages, extracting your media files, accessing your browser history, recording your calls, and much more.\n\n\n\n### VMDR for Mobile Devices Helps Protect from Pegasus Spyware\n\n[Qualys VMDR for Mobile Devices](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices/>) detects devices that are potentially prone to Pegasus spyware based on the vulnerabilities mentioned below, which is a proactive approach. Pegasus is sophisticated spyware with anti-forensic and self-destruct features that make it difficult to detect. If it is uninstalled later, it does not leave any trace. VMDR for Mobile Devices must therefore detect if the device is vulnerable to Pegasus rather than detecting the presence of Pegasus spyware itself.\n\n#### iOS Pegasus:\n\nAll iOS devices are vulnerable to the following CVEs that are fixed in the latest iOS versions that might be used to install Pegasus spyware and to get the details from the devices\n\n * CVE-2020-9954, CVE-2020-9956, CVE-2020-9947, CVE-2020-9950, CVE-2020-9988, CVE-2020-9989, CVE-2020-9941 \u2013 Fixed in iOS and iPadOS 14\n * CVE-2020-10017, CVE-2020-27908, CVE-2020-27909 \u2013 Fixed in iOS and iPadOS 14.2\n * CVE-2020-29610 \u2013 Fixed in iOS and iPadOS 14.3\n * CVE-2021-1838, CVE-2021-1746, CVE-2021-1743, CVE-2021-1763, CVE-2021-1768, CVE-2021-1745, CVE-2021-1762, CVE-2021-1767, CVE-2021-1753, CVE-2021-1781 \u2013 Fixed in iOS 14.4\n * CVE-2021-1879 \u2013 Fixed in iOS and iPadOS 14.4.2\n * CVE-2021-30743, CVE-2021-1883 \u2013 Fixed in iOS 14.5\n * CVE-2021-30665, CVE-2021-30663, CVE-2021-30666(iOS 12.5.3), CVE-2021-30661(iOS 12.5.3) \u2013 Fixed in iOS and iPadOS 14.5.1 &amp; iOS 12.5.3\n * CVE-2021-30707, CVE-2021-30749, CVE-2021-30734 \u2013 Fixed in iOS and iPadOS 14.6\n * CVE-2021-30788, CVE-2021-30759, CVE-2021-30792, CVE-2021-30791 \u2013 Fixed in iOS and iPadOS 14.7\n\n_Note that more CVEs might be exploited by Pegasus of the old iOS versions, i.e., below 14.0. If you are using old iOS versions, then your device might be more vulnerable to Pegasus spyware._\n\nWith VMDR for Mobile Devices, quickly check the security posture of all your mobile devices across your enterprise to remove blind spots, continuously detect these vulnerabilities and prioritize them. This helps you to take appropriate actions on the impacted devices.\n\n \n\n#### Android Pegasus:\n\nVMDR for Mobile Devices quickly detects and prioritizes all the WhatsApp vulnerabilities, other messaging app vulnerabilities, and OS vulnerabilities. Earlier, the attack of Pegasus was made through [WhatsApp](<https://www.whatsapp.com/security/advisories/2021/>) app vulnerabilities, i.e., the Pegasus spyware can be installed on the phone using these vulnerabilities.\n\n\n\n#### Respond by Patching and Remediation\n\nVMDR for Mobile Devices helps you to get a view of all vulnerabilities along with their priorities. Prioritizing the vulnerabilities based on the severity helps you take corrective and preventive actions on the impacted devices.\n\nVMDR for Mobile Devices provides you the patch orchestration for Android devices that helps you rapidly remediate your Android assets. Patch orchestration helps you initiate the most relevant per-application version patches on the affected assets.\n\nYou do not have to create multiple jobs; one job will take care of all vulnerabilities of that application.\n\n\n\nVMDR for Mobile Devices will also detect the app installed from an unknown source and its configurations (available by the end of August). The Pegasus may be introduced or installed through an unknown source in Android and ask the user for the required permission to monitor activities.\n\n\n\nIn addition, VMDR for Mobile Devices detects all vulnerabilities of Android and iOS OS vulnerabilities fixed by Apple and Google in their security updates. These vulnerabilities lead Pegasus spyware to take control of the device.\n\nKeep an eye on the vulnerabilities detected by VMDR for Mobile Devices and take appropriate actions. That will help you to secure the devices from Pegasus spyware because the spyware can be installed only if the vulnerabilities are present on the device.\n\nAlso, if the devices are jailbroken or rooted, track them through the \u201cUnauthorized Root Access\u201d widget or use QQL (Qualys Query Language) \u2013 \u201casset.hasUnauthorizedRootAccess: Yes\u201d to find the compromised devices.\n\n\n\n### Get Started Now\n\n[Qualys VMDR for Mobile Devices](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices/>) is available free for 30 days to help customers detect vulnerabilities, monitor critical device settings, and correlate updates with the correct app versions available on Google Play Store. You can try our solution by [registering for a free 30-day trial](<https://www.qualys.com/apps/vulnerability-management-detection-response/mobile-devices/>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-23T16:31:38", "type": "qualysblog", "title": "Protect your Devices from Pegasus Spyware using VMDR for Mobile Devices\u2019 Proactive Approach", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30792", "CVE-2020-9954", "CVE-2021-1753", "CVE-2021-1879", "CVE-2021-1763", "CVE-2020-9988", "CVE-2021-1743", "CVE-2021-30665", "CVE-2021-1762", "CVE-2020-9950", "CVE-2021-30734", "CVE-2021-30749", "CVE-2020-27909", "CVE-2021-1767", "CVE-2021-30661", "CVE-2020-9989", "CVE-2021-30788", "CVE-2021-1768", "CVE-2020-29610", "CVE-2021-1883", "CVE-2020-9941", "CVE-2021-1746", "CVE-2020-9956", "CVE-2021-1745", "CVE-2020-27908", "CVE-2021-30743", "CVE-2021-1781", "CVE-2020-9947", "CVE-2021-30663", "CVE-2021-30759", "CVE-2020-10017", "CVE-2021-1838", "CVE-2021-30707", "CVE-2021-30791", "CVE-2021-30666"], "modified": "2021-07-23T16:31:38", "id": "QUALYSBLOG:70AF718BCABA36D5847184CA639B55C9", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2021-05-05T13:57:45", "description": "Apple has issued out-of-band patches for critical security issues affecting iPad, iPhone and iPod, which could allow remote code execution (RCE) and other attacks, completely compromising users\u2019 systems. And, the computing giant thinks all of them may have already been exploited in the wild. \n\nThree of these are zero-day flaws, while one is an expanded patch for a fourth vulnerability. \n\nApple keeps details of security problems close to the vest, \u201cfor our customers\u2019 protection,\u201d saving the blood and guts until after it investigates and manages to pump out patches or new releases. \n\n[](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)\n\nJoin Threatpost for \u201c[Fortifying Your Business Against Ransomware, DDoS &amp; Cryptojacking Attacks](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)\u201d a LIVE roundtable event on Wednesday, May 12 at 2:00 PM EDT for this FREE webinar sponsored by Zoho ManageEngine.\n\nWhat data it does disclose can be found on its [support page](<https://support.apple.com/en-us/HT201222>). Here\u2019s a summary of the three zero-days: \n\n## **Zero-Day Bugs in WebKit**\n\n * **CVE-2021-30665:** A critical memory-corruption issue in the Safari WebKit engine where \u201cprocessing maliciously crafted web content may lead to arbitrary code execution\u201d was addressed with improved state management. Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). The bug was reported to Apple by three security researchers, nicknamed yangkang, zerokeeper and bianliang. \n\n * **CVE-2021-30663:** This second flaw is also found in the open-source WebKit browser engine. It\u2019s an integer overflow, reported by an anonymous researcher, that can also lead to RCE. It was addressed with improved input validation. Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). \n\n * **CVE-2021-30666:** A buffer-overflow issue was addressed with improved memory handling. Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n\nAnd here are details on the expanded patch for the fourth bug: \n\n## **WebKit Storage**\n\n * **CVE-2021-30661: **A use after free issue was addressed with improved memory management. Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). This flaw was discovered and reported to the iPhone maker by the security researcher named yangkang, @dnpushme, of Qihoo 360 ATA.\n\nApple\u2019s support page shows that this fourth one was actually patched on Monday last week (April 26) in iOS 14.5 and macOS 11.3, but not in iOS 12. \n\nNaked Security\u2019s Paul Ducklin finds this one [particularly interesting](<https://nakedsecurity.sophos.com/2021/05/04/apple-products-hit-by-fourfecta-of-zero-day-exploits-patch-now/>), and he noted that questions remain. Why wasn\u2019t iOS 12 updated at the same time as iOS 14.5 and macOS 11.3? Did the security hole crop up in the code base after iOS 12 was released, perhaps? \n\nNo, that\u2019s not it: the CVE-2021-30661 and CVE-2021-30666 bugs fixed on Monday only apply to iOS 12. So it remains unclear if the bug exists in recent operating system versions, or not, Ducklin said.\n\n\u201cIs this an old bug from iOS 12 that was carried forward into the current Apple codebase but has still not yet been patched there?\u201d Ducklin pondered. \u201cOr is it a bug that is unique to the older iOS 12 code that doesn\u2019t appear in the more recent operating system releases and can therefore now be considered to have been eliminated everywhere?\u201d\n\nThreatpost has reached out to Apple for comment.\n\n## **Patch Fast!**\n\nPer usual, Apple\u2019s lip is zipped. But one thing\u2019s for sure: Patching as soon as possible is top priority. As it is, the chance for websites passing along \u201cmaliciously crafted web content\u201d is alarming. If you translate Apple\u2019s statement that \u201cprocessing maliciously crafted web content may lead to arbitrary code execution, \u201cyou get a \u201c[drive-by](<https://threatpost.com/google-sites-solarmarket-rat/165396/>), web-based zero-day RCE exploit, according to Ducklin.\n\nIn other words, all you have to do to trigger infection is to visit and view a booby-trapped website. \n\nJohn Kinsella, chief architect at cloud security company Accurics, says this is one of the nastier types of security bugs: one in which the user isn\u2019t required to perform a certain action for an attacker\u2019s success. \u201cPart of the issue here is that it\u2019s not just the browser that a user needs to be careful with,\u201d he told Threatpost in an email on Tuesday. \u201cMany iOS apps are just wrappers around a web application, which would be rendered by WebKit. For example, HTML mail in Apple\u2019s Mail app will be rendered by WebKit, and this app is a hard one to avoid. Even if a user takes advantage of new iOS functionality to replace the default iOS Mail and Safari apps with other mail/browser apps, the underlying HTML rendering engine would still be WebKit-based on Apple\u2019s App Store rules.\u201d\n\nKinsella says that if he\u2019s at all suspicious of something, he won\u2019t open it on a mobile device, but rather on a desktop or laptop, where he has much more control. \u201cThat being said, I know I\u2019m not the average user,\u201d he said. \u201cThe best advice I have is to patch ASAP, and generally be very careful.\u201d\n\nGiven that Apple has acknowledged that these vulnerabilities have already been exploited in the wild, and given the fact that HTML content is so prevalent on mobile devices, Kinsella considers a drive-by RCE like this to be a highly serious issue, though \u201cThe overall security of iOS means this isn\u2019t a complete takeover of the mobile device.\u201d\n\nStill, every extra foothold an attacker can get \u201chelps them further compromise a device,\u201d he said. \u201cThe fact that malicious HTML can compromise something on my wrist doesn\u2019t thrill me. Luckily Apple\u2019s been quite consistent with the reliability of their patches in recent years, so while I may sometimes wait for others to \u2018beta test\u2019 a release, a security patch like this was applied to my devices ASAP.\u201d\n\n## **What is WebKit? The Little Engine That Could**\n\nApple developed the WebKit browser engine to run in its Safari web browser, but it\u2019s also used by Apple Mail, the App Store, and various apps on the macOS and iOS operating systems. This, of course, isn\u2019t the first time that the engine has hit some bumps. \n\nIn January, Apple released an emergency update that patched three iOS[ bugs](<https://threatpost.com/apple-patches-zero-days-ios-emergency-update/163374/>). Two of them (CVE-2021-1870 and CVE-2021-1871 ) were discovered in WebKit (and the third, tracked as CVE-2021-1782, was found in the OS kernel).\n\nMore recently, in March, Apple patched other [severe WebKit RCEs](<https://threatpost.com/apple-webkit-remote-code-execution/164595/>). Similar to Monday\u2019s updates, those WebKit fixes could have allowed remote attackers to completely compromise affected systems.\n\n05-04-2021 14:52 UPDATE: Added input from Accurics\u2019 John Kinsella.\n\n**Join Threatpost for \u201c**[**Fortifying Your Business Against Ransomware, DDoS &amp; Cryptojacking Attacks**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)**\u201d \u2013 a LIVE roundtable event on**[** Wed, May 12 at 2:00 PM EDT**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinarhttps://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)**. Sponsored by Zoho ManageEngine, Threatpost host Becky Bracken moderates an expert panel discussing best defense strategies for these 2021 threats. Questions and LIVE audience participation encouraged. Join the lively discussion and **[**Register HERE**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)** for free. **\n", "cvss3": {}, "published": "2021-05-04T16:16:37", "type": "threatpost", "title": "Apple Fixes Zero\u2011Day Security Bugs Under Active Attack", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-22893", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666"], "modified": "2021-05-04T16:16:37", "id": "THREATPOST:33E56DEB736406F9DD08C7533BF1812B", "href": "https://threatpost.com/apple-zero%e2%80%91days-active-attack/165842/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-27T12:35:42", "description": "Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited.\n\nThe newly patched bugs are part of a [security update](<https://support.apple.com/en-us/HT212146>) released Tuesday for iOS 14.4 and iPadOS 14.4. One bug, tracked as CVE-2021-1782, was found in the OS kernel, while the other two\u2013CVE-2021-1870 and CVE-2021-1871\u2013were discovered in the WebKit browser engine.\n\nThe most recent vulnerabilities apparently weren\u2019t known when Apple released iOS 14.2 and iPadOS 14.2, a comprehensive update that patched a total of 24 vulnerabilities [back in November](<https://threatpost.com/apple-patches-bugs-zero-days/161010/>). That update included fixes for three zero-day flaws discovered by the Google Project Zero team that were actively being exploited in the wild. \n[](<https://threatpost.com/newsletter-sign/>)Attackers also may be actively taking advantage of the latest bugs, according to Apple. The company described the kernel flaw as a \u201ca race condition\u201d that the update addresses \u201cwith improved locking.\u201d If exploited, the vulnerability can allow a malicious application to elevate privileges.\n\nThe WebKit vulnerabilities are both logic issues that the update addresses with improved restrictions, according to Apple. Exploiting these flaws would allow a remote attacker \u201cto cause arbitrary code execution,\u201d the company said.\n\nAll the zero-days and thus the fixes affect iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation), according to Apple. Security experts believe the three are part of an exploit chain attackers can use to escalate privileges and compromise a device after its unsuspecting user falls victim to a malicious website leveraging the WebKit flaw.\n\nAs is custom, however, Apple did not go into detail about how the bugs are being used in attacks, as it doesn\u2019t typically reveal this type of info until most of the affected devices are patched.\n\nThe proliferation of iPhones across the world makes news of any Apple iOS zero-day a security threat to its hundreds of millions of users, and thus a very big deal. In fact, four nation-state-backed advanced persistent threats (APTs) used a zero-day iPhone exploit in a highly publicized [espionage hack](<https://threatpost.com/zero-click-apple-zero-day-pegasus-spy-attack/162515/>) against Al Jazeera journalists, producers, anchors and executives late last year.\n\nPredictably, numerous [iPhone users](<https://twitter.com/Gurgling_MrD/status/1354191338221285377>), [tech professionals](<https://twitter.com/GustavoCols/status/1354160831366361089>) and [security experts](<https://twitter.com/Riazjavedbutt/status/1354307444961406976>) took to Twitter as news of the latest spate of iOS zero-days broke to warn iPhone users to update their devices immediately.\n\n\u201ciOS release notes are always comforting when you have firsts like this,\u201d [tweeted](<https://twitter.com/_DanielSinclair/status/1354299572177268737>) one iPhone user [Daniel Sinclair](<https://twitter.com/_DanielSinclair/status/1348631971480666112>) sarcastically. \u201c3 zero-days actively exploited in the wild. 2 involving WebKit.\u201d\n\nSinclair also [tweeted](<https://twitter.com/_DanielSinclair/status/1348631971480666112>) earlier in the month that his iPhone \u201cinexplicably became bricked,\u201d though it\u2019s unclear if that issue was related to the recently discovered zero-days.\n", "cvss3": {}, "published": "2021-01-27T12:21:28", "type": "threatpost", "title": "Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871"], "modified": "2021-01-27T12:21:28", "id": "THREATPOST:233067E74345C95478CA096160DFCE43", "href": "https://threatpost.com/apple-patches-zero-days-ios-emergency-update/163374/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-03-09T16:00:51", "description": "Apple is rolling out fixes for a high-severity vulnerability in its WebKit browser engine that, if exploited, could allow remote attackers to completely compromise affected systems.\n\nThe mobile giant released security updates on Monday for the flaw, for its Safari browser, as well as devices running macOS, watchOS and iOS.\n\nThe bug (CVE-2021-1844) ranks 7.7 out of 10 on the CVSS vulnerability-severity scale, making it high-severity. An exploit would allow an attacker to remotely execute code and ultimate take over the system.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nApple on Monday urged affected device users to update as soon as possible: \u201cKeeping your software up-to-date is one of the most important things you can do to maintain your Apple product\u2019s security,\u201d said the company on Monday.\n\n## **What is Apple WebKit?**\n\nThe WebKit browser engine was developed by Apple for use in its Safari web browser \u2013 however, it is also used by Apple Mail, the App Store, and various apps on the macOS and iOS operating systems. The vulnerability stems from a memory-corruption issue in WebKit; [this type of bug occurs](<https://threatpost.com/memory-corruption-mitigations-doing-their-job/124728/>) when the contents of a memory location are modified in a way that exceeds the intention of the original program/language constructs \u2013 allowing attackers to execute arbitrary code.\n\nIn the case of this specific flaw, if WebKit processes specially-crafted, malicious web content, it could lead to successful exploitation, according to Apple.\n\nIn a real-world attack, \u201ca remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system,\u201d [according to an advisory.](<https://www.cybersecurity-help.cz/vdb/SB2021030901>)\n\n## **What Apple Devices Are Affected?**\n\nApple pushed the updates out across a variety of devices. Updates are available via [macOS Big Sur 11.2.3](<https://support.apple.com/en-us/HT212220>); [watchOS 7.3.2](<https://support.apple.com/en-us/HT212222>) (for the Apple Watch series 3 or later); and[ iOS 14.4.1 and iPadOS 14.4.1](<https://support.apple.com/en-us/HT212221>) (for the iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation).\n\nSecurity fixes are also available[ via Safari 14.0.3](<https://support.apple.com/en-us/HT212223>) for macOS Catalina and macOS Mojave: \u201cAfter installing this update, the build number for Safari 14.0.3 is 14610.4.3.1.7 on macOS Mojave and 15610.4.3.1.7 on macOS Catalina,\u201d noted Apple. Apple users [can visit this page](<https://support.apple.com/en-us/HT201222>) to learn how to update their devices.\n\nCl\u00e9ment Lecigne of Google\u2019s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research were credited with discovering the flaw.\n\n## **Apple Security Updates**\n\nIt\u2019s only the latest bug to be found in WebKit: Apple in January released an emergency update that patched three [recently discovered bugs in iOS](<https://threatpost.com/apple-patches-zero-days-ios-emergency-update/163374/>). Two of these \u2013 CVE-2021-1870 and CVE-2021-1871 \u2013 were discovered in WebKit (while the third, tracked as CVE-2021-1782, was found in the OS kernel).\n\nThe WebKit vulnerabilities are both logic issues that the update addresses with improved restrictions, according to Apple. Exploiting these flaws would allow a remote attacker \u201cto cause arbitrary code execution,\u201d the company said.\n\nThe security updates also come weeks after [Apple released its 2021 Platform Security guide](<https://threatpost.com/apple-2021-platform-security-guide/164094/>), outlining its current and year-ahead agenda for its device hardware, software and silicon security. The deep dive report covered iOS 14, macOS Big Sur, Apple Silicon and iCloud Drive security.\n\n**_Check out our free _****_[upcoming live webinar events](<https://threatpost.com/category/webinars/>)_****_ \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community:_** \n\u00b7 March 24: **Economics of 0-Day Disclosures: The Good, Bad and Ugly** ([Learn more and register!](<https://threatpost.com/webinars/economics-of-0-day-disclosures-the-good-bad-and-ugly/>)) \n\u00b7 April 21: **Underground Markets: A Tour of the Dark Economy** ([Learn more and register!](<https://threatpost.com/webinars/underground-markets-a-tour-of-the-dark-economy/>))\n", "cvss3": {}, "published": "2021-03-09T15:58:15", "type": "threatpost", "title": "Apple Plugs Severe WebKit Remote Code-Execution Hole", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1782", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871"], "modified": "2021-03-09T15:58:15", "id": "THREATPOST:8372A3E62BAD4992E997A34240A7EB45", "href": "https://threatpost.com/apple-webkit-remote-code-execution/164595/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-15T11:52:36", "description": "Apple issued two out-of-band security fixes for its Safari web browser, fixing zero-day vulnerabilities that \u201cmay have been actively exploited,\u201d according to a Monday security bulletin by the company. The bugs affect sixth-generation Apple iPhones, iPads and iPod touch model hardware, released between 2013 and 2018.\n\n\u201cApple is aware of a report that this issue may have been actively exploited,\u201d the company wrote. Technical details of the two bugs, [Apple said](<https://support.apple.com/en-us/HT212548>), will not be released, \u201cuntil an investigation has occurred and patches or releases are available.\u201d \n[](<https://threatpost.com/newsletter-sign/>)Both bugs are tied to Apple\u2019s Safari browser and the underlying iOS code, called WebKit, which is responsible for rendering web pages. Apple is crediting the discovery of both bugs (CVE-2021-30761 and CVE-2021-30762) to an anonymous researcher.\n\nThe patch, iOS 12.5.4, is [available for download](<https://support.apple.com/en-us/HT212548>).\n\n## **Memory Corruption Bug: CVE-2021-30761 **\n\nOne of the bugs patched by Apple addresses a \u201cmemory corruption issue\u201d and improves the Apple WebKit state management.\n\n\u201cState management refers to the management of the state of one or more user interface controls such as text fields, OK buttons, radio buttons, etc. in a graphical user interface,\u201d according to a [technical description of the term](<https://en.wikipedia.org/wiki/State_management>).\n\nAccording to Apple, the patch for the bug, logged as CVE-2012-30761, addresses a bug found in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). This range of hardware was released between 2013 and 2018.\n\n## **Use After Free Flaw: CVE-2021-30762**\n\nThe second flaw was identified as a use-after-free bug, which is a type of memory corruption vulnerability. The bug, tracked as CVE-20121-30762, allows an attacker to execute code on targeted devices. According to Apple, adversaries may be exploiting this flaw on unpatched devices.\n\n[In its advisory Apple wrote](<https://support.apple.com/en-us/HT212548>): \u201cImpact: Processed maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\u201d\n\nApple added that the \u201cuse-after-free issue was addressed with improved memory management.\u201d\n\n\u201c[A] use-after-free is a vulnerability [is] related to incorrect use of dynamic memory during program operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program,\u201d according to a [Kaspersky description of this type of bug](<https://encyclopedia.kaspersky.com/glossary/use-after-free/#:~:text=Use%2DAfter%2DFree%20\\(UAF,error%20to%20hack%20the%20program.>).\n\nThe iOS patch, distributed as a iOS 12.5.4 update, is for the same model hardware as above: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).\n\nApple is not releasing any additional details pertaining to these vulneraries.\n\n**Join Threatpost for \u201c**[**Tips and Tactics for Better Threat Hunting**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)**\u201d \u2014 a LIVE event on **[**Wed., June 30 at 2:00 PM ET**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)** in partnership with Palo Alto Networks. Learn from Palo Alto\u2019s Unit 42 experts the best way to hunt down threats and how to use automation to help. **[**Register HERE**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)** for free. **\n", "cvss3": {}, "published": "2021-06-15T11:43:20", "type": "threatpost", "title": "Apple Hurries Patches for Safari Bugs Under Active Attack", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-30761", "CVE-2021-30761", "CVE-2021-30762"], "modified": "2021-06-15T11:43:20", "id": "THREATPOST:4918B2D694EFC16538A8825D39D8FBD5", "href": "https://threatpost.com/apple-patch-safari-active-attack/166922/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-07-27T14:50:30", "description": "Apple patched a zero-day flaw on Monday, found in both its iOS and macOS platforms that\u2019s being actively exploited in the wild and can allow attackers to take over an affected system.\n\nThe memory-corruption flaw, tracked as [CVE-2021-30807](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807>), is found in the IOMobileFrameBuffer extension which exists in both iOS and macOS, but has been fixed according to specific device platform.\n\nApple released [three updates](<https://support.apple.com/en-us/HT212623>), iOS 14.7., iPadOS 14.7.1 and [macOS Big Sur 11.5.1](<https://support.apple.com/en-us/HT212622>) to patch the vulnerability on each of the platforms Monday.\n\nExploiting CVE-2021-30807 can allow for threat actors \u201cto execute arbitrary code with kernel privileges,\u201d Apple said in documentation describing the updates.\n\n\u201cApple is aware of a report that this issue may have been actively exploited,\u201d the company said. Apple addressed the issue in each of the updates with \u201cimprove memory handling,\u201d the company said.\n\niOS devices that should be updated immediately are: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).\n\nThough Apple attributed the discovery of the bug to an \u201canonymous researcher,\u201d a security researcher at the Microsoft Security Response Center (MSRC) came forward separately on Monday and [tweeted](<https://twitter.com/AmarSaar/status/1419770084780875779>) that he had discovered the vulnerability some time ago but hadn\u2019t yet found the time to report it to Apple.\n\n\u201cSo, as it turns out, an LPE vulnerability I found 4 months ago in IOMFB is now patched in iOS 14.7.1 as in-the-wild,\u201d [Saar Amar](<https://twitter.com/AmarSaar>) wrote on Twitter, sharing [a link](<https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/>) to \u201csome knowledge and details about the bug and some ways to exploit it.\u201d\n\nIn the linked documentation, Amar describes the vulnerability as \u201cstraightforward\u201d and existing \u201cin a flow called from the external method 83 of _AppleCLCD_/_IOMFB_ (which is _IOMobileFramebufferUserClient::s_displayed_fb_surface_).\u201d\n\nTo trigger the flaw, \u201csimply calling the external method 83 will do the job (and we can obtain the userclient to _AppleCLCD/IMOFB_ from the app sandbox),\u201d Amar wrote. He describes a proof of concept exploit in detail in his post.\n\nAmar said he planned to \u201cfind some extra time to work on it in August,\u201d but Apple released its updates patching the flaw before he got around to it.\n\n\u201cJust to be clear, I intended to submit this bug to Apple right after I\u2019ll finish the exploit [SIC],\u201d he wrote. \u201cI wanted to get a high- quality submission, but I did not have the time to invest in March.\u201d\n\nAs iPhone users update to fix yet another Apple zero-day, they also [continue waiting](<https://threatpost.com/apple-iphone-pegasus-zero-day/168040/>) for the company to patch a flaw that makes their devices easy prey for Pegasus spyware. Last week leaked data suggested that the notorious Pegasus mobile spyware from Israeli-based NSO Group [is exploiting](<https://threatpost.com/nso-group-data-pegasus/167897/>) a zero-click zero-day in Apple\u2019s iMessage feature.\n\nThe news and evidence of a Pegasus spyware blitz [spurred discussion](<https://threatpost.com/nso-pegasus-spyware-bans-apple-accountability/167965/>) about the security of Apple\u2019s closed ecosystem and a call for accountability and potential changes to the company\u2019s security model.Worried about where the next attack is coming from? We\u2019ve got your back. **[REGISTER NOW](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)** for our upcoming live webinar, How to **Think Like a Threat Actor**, in partnership with Uptycs on Aug. 17 at 11 AM EST and find out precisely where attackers are targeting you and how to get there first. Join host Becky Bracken and Uptycs researchers Amit Malik and Ashwin Vamshi on **[Aug. 17 at 11AM EST for this LIVE discussion](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)**.\n", "cvss3": {}, "published": "2021-07-27T13:36:21", "type": "threatpost", "title": "Apple Patches Actively Exploited Zero-Day in iOS, MacOS", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-30807"], "modified": "2021-07-27T13:36:21", "id": "THREATPOST:1F4EC22B4239CE182669792125155781", "href": "https://threatpost.com/apple-patches-actively-exploited-zero-day-in-ios-macos/168177/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-05-25T12:31:57", "description": "Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone\u2019s computer and capture images of their activity within applications or on video conferences without that person knowing.\n\nApple addressed the vulnerability\u2014discovered by researchers at enterprise cybersecurity firm [Jamf](<https://www.jamf.com/>)\u2014 in the latest version of [macOS, Big Sur 11.4](<https://support.apple.com/en-us/HT212529>), released on Monday, the company told Forbes, according to [a published report](<https://www.forbes.com/sites/thomasbrewster/2021/05/24/update-your-mac-now-nasty-hack-breaks-apple-security-to-take-sneaky-photos/?sh=ea0bb4c20a07>).\n\nResearchers said they discovered that the XCSSET spyware was using the vulnerability, tracked as [CVE-2021-30713](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30713>), \u201cspecifically for the purpose of taking screenshots of the user\u2019s desktop without requiring additional permissions,\u201d according to a [post on the Jamf blog](<https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/>).[](<https://threatpost.com/newsletter-sign/>)\u201cThis activity was discovered during analysis of XCSSET that they made \u201cafter noting a significant uptick of detected variants observed in the wild,\u201d researchers said. Apple so far has not provided specific details about the vulnerability in its entry in the CVE database.\n\nThe flaw works by bypassing the Transparency Consent and Control (TCC) framework, which controls what resources applications have access to, \u201csuch as granting video collaboration software access to the webcam and microphone, in order to participate in virtual meetings,\u201d according to the Jamf post.\n\n\u201cThe exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user\u2019s explicit consent\u2013which is the default behavior,\u201d researchers said.\n\n## **History of a Spyware**\n\nTrend Micro discovered the XCSSET malware [last August](<https://threatpost.com/mac-spyware-xcode-projects/158388/>) when researchers noticed cybercriminals injecting malware into Xcode developer projects, resulting in a propagation of infections. They identified the malware as a suite called XCSSET, which can hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware, and perform other malicious functions.\n\nAt the time Trend Micro researchers noticed XCSSET using two zero-day flaws to do its dirty work\u2014one in Data Vault that allowed it to bypass macOS\u2019 System Integrity Protection (SIP) feature; and one in Safari for WebKit Development that allowed universal cross-site scripting (UXSS).\n\nNow it appears a third zero-day flaw can be added to the list of those XCSSET can exploit, according to Jamf, which described in detail how the spyware takes advantage of the bug to bypass the TCC.\n\nUpon a deep dive into the spyware, the Jamf Protect detection team members noticed an AppleScript module titled \u201cscreen_sim.applescript\u201d with a check called \u201cverifyCapturePermissions\u201d being used to search for an app with permissions to capture a screenshot from a list of installed apps. The list was derived from an earlier check of the following software appID\u2019s, referred to by the malware as \u201cdonorApps.\u201d\n\n\u201cAs expected, the list of application IDs that are targeted are all applications that users regularly grant the screen-sharing permission to as part of its normal operation,\u201d researchers wrote. \u201cThe malware then uses the following mdfind command\u2013the command-line-based version of Spotlight\u2013to check if the appID\u2019s are installed on the victim\u2019s device.\u201d\n\nIf any of those IDs are found on the system, the command returns the path to the installed application and, with this information, XCSSET crafts a custom AppleScript application and injects it into the installed, donor application.\n\nFor example, if the virtual meeting app Zoom (zoom.us.app) is found on the system, the malware will place itself like this: /Applications/zoom.us.app/Contents/MacOS/avatarde.app. If the victim machine is running macOS11 or greater, it will then sign the avatarde application with an ad-hoc signature, or one that is signed by the computer itself, researchers said.\n\nXCSSET can then take screenshots or record the screen when the victim is using Zoom without needing explicit consent from the user, inheriting those TCC permissions outright from the Zoom parent app. Researchers found that XCSSET also can use the flaw to hijack other permissions beyond screensharing as well.\n\n## **MacOS Threats on the Rise**\n\nApple\u2019s latest security woe comes on the heels of an Apple exec publicly lamenting the level of malware against the Mac platform, calling it [\u201cunacceptable\u201d](<https://threatpost.com/apple-mac-malware-unacceptable/166340/>) in testimony in a California court last Wednesday for a [lawsuit](<https://cand.uscourts.gov/wp-content/uploads/cases-of-interest/epic-games-v-apple/20-5640_Epic_Games_Dkt_48_Order_Granting_in_Part_and_Denying_in_Part_Motion_for_a_Temporary_Restraining_Order.pdf>) (PDF) brought against the company by Epic Games, maker of Fortnite.\n\nApple head of software engineering Craig Federighi used the threat level as an excuse for Apple\u2019s tight restrictions on the software that is allowed to run on its platform and sell within its iOS App Store.\n\nIndeed, 2021 has been a less-than stellar year so far for Apple security. Earlier this month, Apple [released a quartet](<https://threatpost.com/apple-zero%E2%80%91days-active-attack/165842/>) of unscheduled updates for iOS, macOS, and watchOS, to slap security patches on flaws in its WebKit browser engine.\n\nA week before that, Apple [patched a zero-day vulnerability](<https://threatpost.com/apple-patches-macos-bug-bypass-defenses/165611/>) in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already had been exploiting for several months.\n\nThe company kicked off the year by removing a contentious macOS feature that allowed some Apple apps to bypass content filters, VPNs and third-party firewalls. They quickly followed that up with [an emergency update](<https://threatpost.com/apple-patches-zero-days-ios-emergency-update/163374/>) to patch three zero-day vulnerabilities discovered in iOS after a major software update in November of last year already fixed three that were being actively exploited.\n\n**Join Threatpost for \u201cA Walk On The Dark Side: A Pipeline Cyber Crisis Simulation\u201d\u2013 a LIVE interactive demo on**** **[**Wed, June 9 at 2:00 PM EDT**](<https://threatpost.com/webinars/take-a-walk-on-the-darkside/?utm_source=ART&utm_medium=ART&utm_campaign=June_ImmersiveLabs_Webinar>)**. Sponsored by Immersive Labs, find out whether you have the tools and skills to prevent a Colonial Pipeline-style attack on your organization. Questions and LIVE audience participation encouraged. Join the discussion and **[**Register HERE**](<https://threatpost.com/webinars/take-a-walk-on-the-darkside/?utm_source=ART&utm_medium=ART&utm_campaign=June_ImmersiveLabs_Webinar>)** ****for free.**\n", "cvss3": {}, "published": "2021-05-25T12:25:55", "type": "threatpost", "title": "Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-30713"], "modified": "2021-05-25T12:25:55", "id": "THREATPOST:8BADC2EA82DF9B3B87A59B396C617C28", "href": "https://threatpost.com/apple-patches-zero-day-flaw-in-macos-that-allows-for-sneaky-screenshots/166428/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-04-27T16:21:46", "description": "Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months.\n\nSecurity researcher [Cedric Owens](<https://twitter.com/cedowens>) first discovered the vulnerability, tracked as [CVE-2021\u201330657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30657>) and patched in macOS 11.3, [an update](<https://support.apple.com/en-us/HT212325>) dropped by Apple on Monday. The vulnerability is particularly perilous to macOS users because it allows an attacker to very easily craft a macOS payload that goes unchecked by the strict security features built into the OS specifically to keep malware out.\n\n[](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)\n\nDownload \u201cThe Evolution of Ransomware\u201d to gain valuable insights on emerging trends amidst rapidly growing attack volumes. Click above to hone your defense intelligence!\n\n\u201cThis bug trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk,\u201d warned Patrick Wardle, an Apple security expert who runs the [Objective-See](<https://objective-see.com/>) Mac security tool site, in [a blog post](<https://objective-see.com/blog/blog_0x64.html>) Monday. Owens asked Wardle to do a deeper technical dive of the bug after his initial analysis and report on it.\n\nOwens said he tested his exploit for the bug successfully on macOS Catalina 10.15\u2013specifically on 10.15.7\u2013and on versions of macOS Big Sur before Big Sur 11.3, submitting a report to Apple about the vulnerability on March 25.\n\n\u201cThis payload can be used in phishing and all the victim has to do is double-click to open the .dmg and double-click the fake app inside of the .dmg\u2013no pop ups or warnings from macOS are generated,\u201d Owens [wrote in a post](<https://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508>) on his Medium blog Monday.\n\n## **Vulnerability Deep Dive**\n\nWardle\u2019s report takes an extensive technical look at the bug, finding that CVE-2021\u201330657 could bypass three key anti-malware detections present in macOS\u2014File Quarantine, Gatekeeper and Notarization, he wrote in his post.\n\nApple has always considered itself a stickler for security with a focus on locking down its proprietary hardware products against malware\u2013which makes the existence of this particular zero-day bug somewhat ironic. The three features that the flaw could bypass actually show a steady progression of macOS security, with the company reinforcing each feature to make the OS inherently less penetrable, Wardle explained.\n\nFile Quarantine, was introduced in OSX Leopard (10.5) in 2007, provides the first warning to the user that requires explicit confirmation before allowing a newly downloaded file to execute, he wrote. However, since users kept ignoring the warning and letting malware pass through, Apple introduced Gatekeeper in OSX Lion (10.7) as a feature built atop File Quarantine. Gatekeeper checks the code-signing information of downloaded items, blocking those that do not adhere to system policies, Wardle said.\n\nNotarization is the newest security feature of the three, introduced in macOS Catalina (10.15) and aimed at once again preventing users from sabotaging themselves. The feature introduced Application Notarization to ensure that Apple has scanned and approved all software before it is allowed to run, according to the post.\n\nBy being able to bypass all of them, the zero-day bug, then, provides a triple threat that basically gives malware a free pass into the system. How the bug does this is by setting into motion a logic bug in macOS\u2019 underlying code so that it mischaracterizes certain application bundles and skipps the usual security checks, Wardle explained.\n\nThe key to how the bug works lies in the way macOS apps identify files, which is not as single entities but instead as bundles of different files. These bundles include a list of properties that tell the app where specific files it needs to use are located.\n\nBy taking out the property file and creating a bundle in a certain way, threat actors can exploit the flaw to be misrecognized by the OS and thus pass through the security checks, Wardle said in his post.\n\n\u201cAny script-based application that does _not_ contain an Info.plist file will be misclassified as \u2018not a bundle\u2019 and thus will be allowed to execute with no alerts nor prompts,\u201d he wrote.\n\n## **Exploitation in the Wild**\n\nOnce he identified how the bug works, Wardle asked researchers from Mac security company Jamf to see if anyone had already exploited it in the wild. Turns out, a variant of malware already quite familiar to Mac users has been abusing the vulnerability since at least Jan. 9., according to a [post Monday](<https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/>) on the Jamf Blog.\n\n\u201cThe Jamf Protect detections team observed this exploit being used in the wild by a variant of the Shlayer adware dropper,\u201d according to the post by Jamf detections lead [Jaron Bradley](<https://twitter.com/jbradley89>), who added that it is nearly identical to a malware sample previously identified by [Intego Security](<https://www.intego.com/mac-security-blog/new-mac-malware-reveals-google-searches-can-be-unsafe/>).\n\nThe major difference, however, is that the variant has been repackaged to use a format necessary for carrying out the MacOS Gatekeeper bypass vulnerability, he explained, going into detail about how the attacker abused the flaw.\n\nShlayer and the macOS already have quite a history, as the [stealthy adware](<https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/>) is known as the [No. 1 threat to Macs](<https://threatpost.com/shlayer-mac-youtube-wikipedia/152146/>). Indeed, Shlayer was found [slipping through the Notarization](<https://threatpost.com/apple-accidentally-notarizes-shlayer-malware/158818/>) feature as recently last August disguised as Adobe Flash Player updates, something Wardle co-discovered with researcher [Peter Dantini](<https://twitter.com/PokeCaptain>) at the time.\n\nUnderstandably, Apple and all the security researchers who took a look at the zero-day vulnerability are advising that macOS users update their systems immediately to avoid falling victim to any existing exploits for it.\n\n**Join Threatpost for \u201c**[**Fortifying Your Business Against Ransomware, DDoS &amp; Cryptojacking Attacks**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)**\u201d \u2013 a LIVE roundtable event on**[** Wed, May 12 at 2:00 PM EDT**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinarhttps://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)**. Sponsored by Zoho ManageEngine, Threatpost host Becky Bracken moderates an expert panel discussing best defense strategies for these 2021 threats. Questions and LIVE audience participation encouraged. Join the lively discussion and [Register HERE](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>) for free. **\n", "cvss3": {}, "published": "2021-04-27T11:45:01", "type": "threatpost", "title": "Apple Patches Zero-Day MacOS Bypass Bug", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-30657"], "modified": "2021-04-27T11:45:01", "id": "THREATPOST:7C630642BA0CC259B4DF61820DA05235", "href": "https://threatpost.com/apple-patches-macos-bug-bypass-defenses/165611/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-03-02T18:06:16", "description": "Hackers behind previous [iPhone jailbreak tools](<https://threatpost.com/new-ios-jailbreak-tool-works-on-iphone-models-ios-11-to-ios-13-5/156045/>) have released a jailbreak update based on a recently discovered and patched iPhone vulnerability. According to iPhone jailbreakers at UnC0ver, the tool allows users to take full control over unpatched iPhones.\n\nThe jailbreak\u2014which UnC0ver said works on iOS versions 11.0 to 14.3\u2013exploits the kernel vulnerability CVE-2021-1782, one of [three iOS flaws](<https://threatpost.com/apple-patches-zero-days-ios-emergency-update/163374/>) for which Apple released an emergency update, iOS 14.4, last month. At the time the company said the vulnerabilities potentially were being exploited in the wild.\n\nWith the release of 14.4, a number of devices already will have been updated, which means the jailbreak won\u2019t work. However, anyone with a device running 14.3 or earlier version of iOS can use the tool to hack into their iPhone, according to UnC0ver. \n[](<https://threatpost.com/newsletter-sign/>)UnC0ver [shared its discovery on Twitter](<https://twitter.com/Pwn20wnd/status/1365833293069975557>), announcing UnC0ver v6.0.0, after one of the group\u2019s members, Pwn20wnd, who put out several teaser tweets about the imminent arrival of the jailbreak tool before its release.\n\n\u201cTweet your device model and why you will be jailbreaking your device on iOS 14 with the hashtag [#unc0ver](<https://twitter.com/hashtag/unc0ver?src=hashtag_click>)!\u201d Pwn20wnd tweeted on Feb. 27 before releasing the tool, with other enthusiasts echoing the call to spread the news.\n\n## What Exactly is a Jailbreak Tool?\n\nJailbreak tools are software that take advantage of vulnerabilities in iOS to allow users root access and full control of their device. Jailbreaking bypasses DRM restrictions, allowing users to run unauthorized and custom software as well as make other tweaks to iOS.\n\nApple\u2019s iOS and other OSes for its products are notoriously closed-source, which has irked developers that like to peer under the hood and play with the code on their devices. The company historically has cited security reasons for not permitting its users tinker with the proprietary code for iOS.\n\nJailbreaks like the ones unC0ver has become notorious for releasing have become popular ways for iOS developers and users to hack into their own devices to make custom changes to their devices, and are typically met with enthusiasm from iPhone aficionados.\n\n\u201cIt\u2019s great to see [#unc0ver](<https://twitter.com/hashtag/unc0ver?src=hashtag_click>) after such a long wait for a iOS 14 jailbreak on newer devices. even better that it was a complete surprise!\u201d tweeted [Jamie Bishop](<https://twitter.com/jamiebishop123>), a software engineer and self-proclaimed iOS hacker.\n\nHowever, some enthusiasts grumbled that they wish they\u2019d had prior warning that a jailbreak was going to be released, because their devices had already updated to iOS 14.4 and so the tool was rendered useless to them.\n\n\u201cWell\u2026A little heads up would\u2019ve been appreciated,\u201d [tweeted](<https://twitter.com/ddavid_son/status/1365827024774922240>) [David Davidson](<https://twitter.com/ddavid_son>), and iPhone user in Israel, in response to Bishop. \u201cNow there\u2019s a lot of us with nothing to do.\u201d\n\nIt\u2019s been a little more than 10 months since UnC0ver released its last iPhone jailbreak tool. That one came in May 2020, which allowed people to break into devices up to iOS 13.5, which was then the latest release. Apple quietly [released a patch](<https://threatpost.com/apple-jailbreak-zero-day-patch/156201/>) for the jailbreak not long after.\n", "cvss3": {}, "published": "2021-03-02T17:54:53", "type": "threatpost", "title": "Jailbreak Tool Works on iPhones Up to iOS 14.3", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1782"], "modified": "2021-03-02T17:54:53", "id": "THREATPOST:26C336F10C4AB0FEC01844CA1040746F", "href": "https://threatpost.com/jailbreak-tool-works-on-iphones-up-to-ios-14-3/164420/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-10-12T19:45:12", "description": "Apple on Monday rushed out a [security update](<https://support.apple.com/en-us/HT212846>) for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution (RCE) zero-day vulnerability that\u2019s being actively exploited.\n\nWithin hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the vulnerability, meaning that now\u2019s a really good time to update your iOS device.\n\nA week and a half ago, Apple released iOS 15.0.1 to fix a [slew of performance glitches](<https://www.zdnet.com/article/can-you-trust-ios-15-0-1/>), but iOS 15.0.2 is the first security update for the new OS.\n\nMonday\u2019s patch addresses a memory-corruption zero day \u2013 tracked as CVE-2021-30883 \u2013 in IOMobileFrameBuffer, which is a kernel extension that acts as a [screen framebuffer](<https://en.wikipedia.org/wiki/Framebuffer>), allowing developers to control how the memory in a device uses the screen display.\n\n\u201cAn application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,\u201d the company said.\n\nAttackers who get access to kernel privileges gain full control of an iOS device.\n\nApple typically doesn\u2019t choose to hand weapons to attackers. True to form, the company kept potential attack blueprints close to its vest: It didn\u2019t release technical details for either the vulnerability nor the attack(s) that have exploited it.\n\nNot all are as cautious. Shortly after the patch was released, a security researcher named Saar Amar published both a [technical explanation and proof-of-concept exploit code](<https://saaramar.github.io/IOMFB_integer_overflow_poc/>). He said that he thought that the bug is \u201chighly interesting because it\u2019s accessible from the app sandbox (so it\u2019s great for jailbreaks)\u201d\n\nJailbreaking \u2013 exploiting flaws in a locked-down device in order to install software other than what the manufacturer had in mind or makes available \u2013 gives a device owner the ability to gain full access to the root of the operating system and to access all the features.\n\n## A \u2018Great\u2019 Bug\n\nBesides being \u201cgreat\u201d for jailbreaks, the researcher also said that the vulnerability is \u201ca good candidate for [local privilege escalation, or LPE] exploits in chains (WebContent, etc.).\u201d\n\n\u201cTherefore, I decided to take a quick look, bindiff the patch, and identify the root cause of the bug,\u201d the researcher explained. They were referring to BinDiff, a comparison tool for binary files that helps to quickly find differences and similarities in disassembled code. It\u2019s used by security researchers and engineers to identify and isolate fixes for vulnerabilities in vendor-supplied patches and to analyze multiple versions of the same binary.\n\n\u201cAfter bindiffing and reversing, I saw that the bug is great, and I decided to write this short blogpost, which I hope you\u2019ll find helpful,\u201d the security researcher wrote. \u201cI really want to publish my bindiff findings as close to the patch release as possible, so there will be no full exploit here; However, I did manage to build a really nice and stable POC that results in a great panic at the end,\u201d they said, adding a smiley.\n\nMonday\u2019s zero-day is a kissing cousin to a critical memory-corruption flaw that [Apple patched in July.](<https://threatpost.com/apple-patches-actively-exploited-zero-day-in-ios-macos/168177/>) That bug, [CVE-2021-30807](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807>), was also actively exploited, also found in the IOMobileFrameBuffer extension in both iOS and macOS, and likewise used to take over systems.\n\nMonday\u2019s update, iOS 15.0.2, is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).\n\nApple credited an anonymous researcher with the find.\n\nThe fix comes just weeks after Apple\u2019s September release of [iOS 15](<https://www.apple.com/ios/ios-15/features/>), replete with its much-ballyhooed new security defenses. Specifically, the new operating system comes with a built-in two-factor authentication (2FA) code generator, on-device speech recognition, and multiple anti-tracking security and privacy features. The speech recognition is meant to skirt the privacy concerns that have arisen around iPhone biometrics being sent off to the cloud to be processed (and sometimes [eavesdropped on](<https://threatpost.com/amazon-auditors-listen-to-echo-recordings-report-says/143696/>) by humans).\n\niOS 15 also included [patches](<https://support.apple.com/en-ca/HT212814>) for at least 22 security vulnerabilities, including some that exposed iPhone and iPad users to remote denial-of-service (DoS) and remote execution of arbitrary code with kernel privileges.\n\n_**Check out our free **_[_**upcoming live and on-demand online town halls**_](<https://threatpost.com/category/webinars/>)_** \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community.**_\n", "cvss3": {}, "published": "2021-10-12T15:17:38", "type": "threatpost", "title": "Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-30807", "CVE-2021-30883"], "modified": "2021-10-12T15:17:38", "id": "THREATPOST:760D774FCA5FD00BE1174D5CB428884D", "href": "https://threatpost.com/apple-urgent-ios-updates-zero-day/175419/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-01-12T01:27:57", "description": "Microsoft on Monday released details about a bug in macOS that Apple fixed last month \u2013 named \u201cpowerdir\u201d \u2013 that could let attackers hijack apps, install their own nasty apps, use the microphone to eavesdrop or grab screenshots of whatever\u2019s displayed on your screen.\n\nThe vulnerability allows malicious apps to bypass privacy preferences. Specifically, it could allow an attacker to bypass the operating system\u2019s [Transparency, Consent and Control](<https://support.apple.com/guide/security/controlling-app-access-to-files-secddd1d86a6/web>) (TCC) technology, thereby gaining unauthorized access to a user\u2019s protected data, the Microsoft 365 Defender Research Team said in its [advisory](<https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/>).\n\nIntroduced in 2012 in macOS Mountain Lion, TCC helps users to configure their apps\u2019 privacy settings by requiring that all apps get user consent before accessing files in Documents, Downloads, Desktop, iCloud Drive, calendar and network volumes, as well as before the apps are allowed to access the device\u2019s camera, microphone or location.\n\nApple released a fix for the vulnerability \u2013 identified as [CVE-2021-30970](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30970>) \u2013 in macOS Big Sur and macOS Monterey, as [part of](<https://threatpost.com/apple-ios-updates-iphone-13-jailbreak-exploit/177051/>) its Dec. 13, 2021 [security updates](<https://support.apple.com/en-us/HT212978>). At the time, as is typical, Apple didn\u2019t give much detail, merely stating that the flaw was a logic issue that could allow a malicious to bypass privacy preferences: A flaw that it addressed with improved state management.\n\n## The Bug Trips Up TCC\n\nTCC stores the consent history of app requests. The feature prevents unauthorized code execution by restricting full disk access to only those apps with appropriate privileges \u2013 at least, that\u2019s the way it\u2019s supposed to work.\n\nBut Microsoft researchers discovered that it\u2019s possible to programmatically change a target user\u2019s home directory and to plant a fake TCC database.\n\n\u201cIf exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user\u2019s protected personal data,\u201d they explained in Monday\u2019s advisory. \u201cFor example, the attacker could hijack an app installed on the device \u2013 or install their own malicious app \u2013 and access the microphone to record private conversations or capture screenshots of sensitive information displayed on the user\u2019s screen.\u201d\n\nTypically, users manage TCC under System Preferences in macOS (System Preferences &gt; Security &amp; Privacy &gt; Privacy).\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2022/01/11143551/security-privacy-pane-e1641929765781.png>)\n\nThe macOS Security &amp; Privacy pane that serves as the front end of TCC. Source: Microsoft.\n\nAs Microsoft explained, when an app requests access to protected user data, one of two things can happen:\n\n 1. If the app and the type of request have a record in the TCC databases, then a flag in the database entry dictates whether to allow or deny the request \u2014 automatically and without any user interaction.\n 2. If the app and the type of request do not have a record in the TCC databases, then a prompt is presented to the user, who decides whether to grant or deny access. The said decision is backed into the databases so that succeeding similar requests will now fall under the first scenario.\n\nIf an attacker gets full disk access to the TCC databases, Microsoft explained that the world\u2019s then their app oyster: \u201cThey could edit it to grant arbitrary permissions to any app they choose, including their own malicious app. The affected user would also not be prompted to allow or deny the said permissions, thus allowing the app to run with configurations they may not have known or consented to.\u201d\n\n## Prior TCC Trespasses\n\nThis isn\u2019t the first time that TCC databases have shown themselves to be susceptible to bypass. Microsoft listed this trio of past vulnerabilities:\n\n * **Time Machine mounts** ([CVE-2020-9771](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9771>)): macOS offers a built-in backup and restore solution called [Time Machine](<https://support.apple.com/en-us/HT201250>). It was discovered that Time Machine backups could be mounted (using the apfs_mount utility) with the \u201cnoowners\u201d flag. Since these backups contain the TCC.db files, an attacker could mount those backups and determine the device\u2019s TCC policy without having full disk access.\n * **Environment variable poisoning** ([CVE-2020-9934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9934>)): It was discovered that the user\u2019s _tccd_ could build the path to the TCC.db file by expanding $HOME/Library/Application Support/com.apple.TCC/TCC.db. Since the user could manipulate the $HOME environment variable (as introduced to tccd by _l_aunchd), an attacker could plant a chosen TCC.db file in an arbitrary path, poison the $HOME environment variable, and make TCC.db consume that file instead.\n * **Bundle-conclusion issue** ([CVE-2021-30713](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30713>)): [First disclosed by Jamf](<https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/>) in a blog post about the XCSSET malware family, this bug abused how macOS was deducing app bundle information. For example, suppose an attacker knows of a specific app that commonly has microphone access. In that case, they could plant their application code in the target app\u2019s bundle and \u201cinherit\u201d its TCC capabilities.\n\nApple has responded to those vulnerabilities with two changes: It protected the system-wide TCC.db via [System Integrity Protection](<https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection>) (SIP), a macOS feature that prevents unauthorized code execution, and it enforced a TCC policy that only apps with full disk access can access the TCC.db files.\n\n\u201cNote, though, that this policy was also subsequently abused as some apps required such access to function properly (for example, the SSH daemon, [sshd](<https://man7.org/linux/man-pages/man8/sshd.8.html>)),\u201d Microsoft researchers noted.\n\nApple has since patched these vulnerabilities, but Microsoft said that its research shows that \u201cthe potential bypass to TCC.db can still occur.\u201d\n\nMicrosoft\u2019s very predictable, inarguable advice: \u201cWe encourage macOS users to apply these security updates as soon as possible.\u201d\n\n_Image courtesy of [Pixabay](<https://pixabay.com/photos/spying-eyes-strange-weird-4250251/>)._\n\n**Password** **Reset: ****[On-Demand Event](<https://threatpost.com/webinars/password-reset-claiming-control-of-credentials-to-stop-attacks/>):** Fortify 2022 with a password security strategy built for today\u2019s threats. This [Threatpost Security Roundtable](<https://threatpost.com/webinars/password-reset-claiming-control-of-credentials-to-stop-attacks/>), built for infosec professionals, centers on enterprise credential management, the _new_ password basics and mitigating post-credential breaches. Join Darren James, with Specops Software and Roger Grimes, defense evangelist at KnowBe4 and Threatpost host Becky Bracken. **[Register &amp; Stream this FREE session today](<https://threatpost.com/webinars/password-reset-claiming-control-of-credentials-to-stop-attacks/>)** \u2013 sponsored by Specops Software.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-01-11T20:35:47", "type": "threatpost", "title": "MacOS Bug Could Let Creeps Snoop On You", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9771", "CVE-2020-9934", "CVE-2021-30713", "CVE-2021-30970"], "modified": "2022-01-11T20:35:47", "id": "THREATPOST:2B3917ECB87C4A3C315132D8E32C1073", "href": "https://threatpost.com/macos-bug-snooping-microsoft/177551/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-15T11:25:30", "description": "Threat actors used a Safari zero-day flaw to send malicious links to government officials in Western Europe via LinkedIn before researchers from Google discovered and reported the vulnerability.\n\nThat\u2019s the word from researchers from Google Threat Analysis Group (TAG) and Google Project Zero, who Wednesday [posted a blog](<https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/>) shedding more light on several zero-day flaws that they discovered so far this year. Researchers in particular detailed how attackers exploited the vulnerabilities\u2014the prevalence of which are on the rise\u2013before they were addressed by their respective vendors.\n\nTAG researchers discovered the Safari WebKit flaw, tracked as [CVE-\u200b2021-1879](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1879>), on March 19. The vulnerability allowed for the processing of maliciously crafted web content for universal cross site scripting and was addressed by Apple in [an update](<https://support.apple.com/en-us/HT212256>) later that month.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nBefore the fix, researchers assert Russian-language threat actors were exploiting the vulnerability in the wild by using LinkedIn Messaging to send government officials from Western European countries malicious links that could collect website-authentication cookies, according to the post by Maddie Stone and Clement Lecigne from Google TAG.\n\n\u201cIf the target visited the link from an iOS device, they would be redirected to an attacker-controlled domain that served the next-stage payloads,\u201d they wrote.\n\nThe exploit, which targeted iOS versions 12.4 through 13.7, would turn off [Same-Origin-Policy](<https://en.wikipedia.org/wiki/Same-origin_policy>) protections on an infected device to collect authentication cookies from several popular websites\u2013including Google, Microsoft, LinkedIn, Facebook and Yahoo\u2013and then send them via WebSocket to an attacker-controlled IP, researchers wrote. The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated.\n\nMoreover, the campaign targeting iOS devices coincided with others from the same threat actor\u2014which Microsoft has identified as Nobelium\u2013targeting users on Windows devices to deliver Cobalt Strike, researchers wrote. Security firm Volexity described one of these attacks [in a report](<https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/>) posted online in May, the researchers added.\n\nNobellium is believed to be a Russia-based threat group responsible for the [expansive cyber-espionage SolarWinds](<https://threatpost.com/feds-russia-culprit-solarwinds/162785/>) campaign, which affected numerous U.S. government agencies and tech companies, including Microsoft.\n\n## **Other Zero-Day Attacks**\n\nGoogle researchers also linked three additional zero-day flaws they identified this year to a commercial surveillance vendor, according to [Google TAG\u2019s Shane Huntley](<https://twitter.com/ShaneHuntley/status/1415340345500463113>). Two of those vulnerabilities\u2013[CVE-2021-21166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166>) and [CVE-2021-30551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30551>)\u2014were found in Chrome, and one, tracked as [CVE-2021-33742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33742>), in Internet Explorer.\n\nCVE-2021-21166 and CVE-2021-30551, two Chrome rendered remote-code execution (RCE) flaws, were identified separately but later believed to be used by the same actor, researchers wrote in the blog. Google researchers discovered the former in February and the latter in June.\n\n\u201cBoth of these 0-days were delivered as one-time links sent by email to the targets, all of whom we believe were in Armenia,\u201d Stone and Lecigne wrote. \u201cThe links led to attacker-controlled domains that mimicked legitimate websites related to the targeted users.\u201d\n\nWhen prospective victims clicked the link, they were redirected to a webpage that would fingerprint their device, collect system information about the client, and generate ECDH keys to encrypt the exploits, researchers wrote. This info\u2014which included screen resolution, timezone, languages, browser plugins, and available MIME types\u2014would then be sent back to the exploit server and used by attackers to decide whether or not an exploit should be delivered to the target, they said.\n\nResearchers also identified a separate campaigned in April that also targeted Armenian users by leveraging CVE-2021-26411, an RCE bug found in Internet Explorer (IE). The campaign loaded web content within IE that contained malicious Office documents, researchers wrote.\n\n\u201cThis happened by either embedding a remote ActiveX object using a Shell.Explorer.1 OLE object or by spawning an Internet Explorer process via VBA macros to navigate to a web page,\u201d Stone and Lecigne explained.\n\nAt the time, researchers said they were unable to recover the next-stage payload, but successfully recovered the exploit after discovering an early June campaign from the same actors. Microsoft patched the flaw later that month, they said.\n\n\n\nClick to Zoom CREDIT: TAG\n\n## **Why There is an Increase in Zero-Days?**\n\nAll in all, security researchers have identified 33 [zero-day flaws](<https://threatpost.com/kaseya-patches-zero-days-revil-attacks/167670/>) so far in 2021, which is 11 more than the total number from 2020, according to the post.\n\nWhile that trend reflects an increase in the number of these types of vulnerabilities that exist, Google researchers \u201cbelieve greater detection and disclosure efforts are also contributing to the upward trend,\u201d they wrote.\n\nStill, it\u2019s highly possible that attackers are indeed using more [zero-day exploits](<https://threatpost.com/zero-day-wipe-my-book-live/167422/>) for a few reasons, researchers noted. One is that the increase and maturation of security technologies and features means attackers also have to level up, which in turn requires more [zero-day vulnerabilities](<https://threatpost.com/solarwinds-hotfix-zero-day-active-attack/167704/>) for functional attack chains, they said.\n\nThe growth of mobile platforms also has resulted in an increase in the number of products that threat actors want to target\u2014hence more reason to use zero-day exploits, researchers observed. Perhaps inspired by this increase in demand, commercial vendors also are selling more access to zero-days than in the early 2010s, they said.\n\nFinally, the maturation of security protections and strategies also inspires sophistication on the part of attackers as well, boosting the need for them to use zero-day flaws to convince victims to install malware, researchers noted.\n\n\u201cDue to advancements in security, these actors now more often have to use 0-day exploits to accomplish their goals,\u201d Stone and Lecigne wrote.\n\n_**Check out our free **_[_**upcoming live and on-demand webinar events**_](<https://threatpost.com/category/webinars/>)_** \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community.**_\n", "cvss3": {}, "published": "2021-07-15T11:04:49", "type": "threatpost", "title": "Safari Zero-Day Used in Malicious LinkedIn Campaign", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1879", "CVE-2021-21166", "CVE-2021-26411", "CVE-2021-30551", "CVE-2021-33742"], "modified": "2021-07-15T11:04:49", "id": "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6", "href": "https://threatpost.com/safari-zero-day-linkedin/167814/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "apple": [{"lastseen": "2023-12-02T22:11:07", "description": "# About the security content of iOS 12.5.3\n\nThis document describes the security content of iOS 12.5.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iOS 12.5.3\n\nReleased May 3, 2021\n\n**WebKit**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2021-30666: yangkang (@dnpushme)&amp;zerokeeper&amp;bianliang of 360 ATA\n\n**WebKit**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2021-30665: yangkang (@dnpushme)&amp;zerokeeper&amp;bianliang of 360 ATA\n\n**WebKit**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2021-30663: an anonymous researcher\n\n**WebKit Storage**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-30661: yangkang (@dnpushme)&amp;zerokeeper&amp;bianliang of 360 ATA\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-03T00:00:00", "type": "apple", "title": "About the security content of iOS 12.5.3", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666"], "modified": "2021-05-03T00:00:00", "id": "APPLE:4E4515CD7FD997AA98D94164483D0679", "href": "https://support.apple.com/kb/HT212341", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T22:11:05", "description": "# About the security content of Safari 14.1\n\nThis document describes the security content of Safari 14.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## Safari 14.1*\n\nReleased May 4, 2021\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2021-30665: yangkang (@dnpushme)&amp;zerokeeper&amp;bianliang of 360 ATA\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2021-30663: an anonymous researcher\n\n* Safari 14.1 includes the security content of [Safari 14.1 (released April 26, 2021)](<https://support.apple.com/kb/HT212318>). After installing this update, the build number for Safari 14.1 is 15611.1.21.161.7 on macOS Catalina and 14611.1.21.161.7 on macOS Mojave.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-04T00:00:00", "type": "apple", "title": "About the security content of Safari 14.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30663", "CVE-2021-30665"], "modified": "2021-05-04T00:00:00", "id": "APPLE:72B0255E1DE0446B228B5371EDD14ACD", "href": "https://support.apple.com/kb/HT212340", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T22:11:06", "description": "# About the security content of macOS Big Sur 11.3.1\n\nThis document describes the security content of macOS Big Sur 11.3.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## macOS Big Sur 11.3.1\n\nReleased May 3, 2021\n\n**WebKit**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2021-30665: yangkang (@dnpushme)&amp;zerokeeper&amp;bianliang of 360 ATA\n\n**WebKit**\n\nAvailable for: macOS Big Sur\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2021-30663: an anonymous researcher\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-03T00:00:00", "type": "apple", "title": "About the security content of macOS Big Sur 11.3.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30663", "CVE-2021-30665"], "modified": "2021-05-03T00:00:00", "id": "APPLE:73550C0E0CC4D3E6D5DC38456DA89443", "href": "https://support.apple.com/kb/HT212335", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T22:11:08", "description": "# About the security content of iOS 14.5.1 and iPadOS 14.5.1\n\nThis document describes the security content of iOS 14.5.1 and iPadOS 14.5.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iOS 14.5.1 and iPadOS 14.5.1\n\nReleased May 3, 2021\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2021-30665: yangkang (@dnpushme)&amp;zerokeeper&amp;bianliang of 360 ATA\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2021-30663: an anonymous researcher\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 02, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-03T00:00:00", "type": "apple", "title": "About the security content of iOS 14.5.1 and iPadOS 14.5.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30663", "CVE-2021-30665"], "modified": "2021-05-03T00:00:00", "id": "APPLE:52D5DC71EAE54F6DF0EA591406E6C671", "href": "https://support.apple.com/kb/HT212336", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T22:11:00", "description": "# About the security content of iOS 12.5.4\n\nThis document describes the security content of iOS 12.5.4.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iOS 12.5.4\n\nReleased June 14, 2021\n\n**Security**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n\nImpact: Processing a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.\n\nCVE-2021-30737: xerub\n\n**WebKit**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2021-30761: an anonymous researcher\n\n**WebKit**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A use after free issue was addressed with improved memory management. \n\nCVE-2021-30762: an anonymous researcher\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 06, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-14T00:00:00", "type": "apple", "title": "About the security content of iOS 12.5.4", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30737", "CVE-2021-30761", "CVE-2021-30762"], "modified": "2021-06-14T00:00:00", "id": "APPLE:852BF4CFEE89DF537390F83B28A0C41D", "href": "https://support.apple.com/kb/HT212548", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T22:10:54", "description": "# About the security content of macOS Big Sur 11.5.1\n\nThis document describes the security content of macOS Big Sur 11.5.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## macOS Big Sur 11.5.1\n\nReleased July 26, 2021\n\n**IOMobileFrameBuffer**\n\nAvailable for: macOS Big Sur\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2021-30807: an anonymous researcher\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 06, 2023\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-26T00:00:00", "type": "apple", "title": "About the security content of macOS Big Sur 11.5.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30807"], "modified": "2021-07-26T00:00:00", "id": "APPLE:DBD69E61128BB8DB328ED63A78371D07", "href": "https://support.apple.com/kb/HT212622", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T22:10:48", "description": "# About the security content of watchOS 7.6.1\n\nThis document describes the security content of watchOS 7.6.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## watchOS 7.6.1\n\nReleased July 29, 2021\n\n**IOMobileFrameBuffer**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2021-30807: an anonymous researcher\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 06, 2023\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-29T00:00:00", "type": "apple", "title": "About the security content of watchOS 7.6.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30807"], "modified": "2021-07-29T00:00:00", "id": "APPLE:00E9E67FD5A811CCF44971943EC8B5C3", "href": "https://support.apple.com/kb/HT212713", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T22:10:52", "description": "# About the security content of iOS 14.7.1 and iPadOS 14.7.1\n\nThis document describes the security content of iOS 14.7.1 and iPadOS 14.7.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iOS 14.7.1 and iPadOS 14.7.1\n\nReleased July 26, 2021\n\n**IOMobileFrameBuffer**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2021-30807: an anonymous researcher\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 06, 2023\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-26T00:00:00", "type": "apple", "title": "About the security content of iOS 14.7.1 and iPadOS 14.7.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30807"], "modified": "2021-07-26T00:00:00", "id": "APPLE:B804E3A70EFCA1DE30511F9CD20F227C", "href": "https://support.apple.com/kb/HT212623", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T22:11:07", "description": "# About the security content of watchOS 7.4.1\n\nThis document describes the security content of watchOS 7.4.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## watchOS 7.4.1\n\nReleased May 3, 2021\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2021-30665: yangkang (@dnpushme)&amp;zerokeeper&amp;bianliang of 360 ATA\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-03T00:00:00", "type": "apple", "title": "About the security content of watchOS 7.4.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30665"], "modified": "2021-05-03T00:00:00", "id": "APPLE:A1AFADAD90CEC763DFDCC59E95E6D673", "href": "https://support.apple.com/kb/HT212339", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T22:11:20", "description": "# About the security content of iOS 14.4.2 and iPadOS 14.4.2\n\nThis document describes the security content of iOS 14.4.2 and iPadOS 14.4.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## iOS 14.4.2 and iPadOS 14.4.2\n\nReleased March 26, 2021\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: This issue was addressed by improved management of object lifetimes.\n\nCVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-03-26T00:00:00", "type": "apple", "title": "About the security content of iOS 14.4.2 and iPadOS 14.4.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-03-26T00:00:00", "id": "APPLE:6F6ABDDC9804AE7A4086CB77C2D1EF4A", "href": "https://support.apple.com/kb/HT212256", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T22:11:21", "description": "# About the security content of watchOS 7.3.3\n\nThis document describes the security content of watchOS 7.3.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## watchOS 7.3.3\n\nReleased March 26, 2021\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: This issue was addressed by improved management of object lifetimes.\n\nCVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-03-26T00:00:00", "type": "apple", "title": "About the security content of watchOS 7.3.3", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-03-26T00:00:00", "id": "APPLE:7BA0021A4788FB7533B47DE574B071E4", "href": "https://support.apple.com/kb/HT212258", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T22:11:17", "description": "# About the security content of iOS 12.5.2\n\nThis document describes the security content of iOS 12.5.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 12.5.2\n\nReleased March 26, 2021\n\n**WebKit**\n\nAvailable for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: This issue was addressed by improved management of object lifetimes.\n\nCVE-2021-1879: Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group\n\n\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 26, 2021\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-03-26T00:00:00", "type": "apple", "title": "About the security content of iOS 12.5.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1879"], "modified": "2021-03-26T00:00:00", "id": "APPLE:0F898F86D77B1E8D84FF7B933794464E", "href": "https://support.apple.com/kb/HT212257", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-02T22:11:10", "description": "# About the security content of Safari 14.1\n\nThis document describes the security content of Safari 14.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## Safari 14.1\n\nReleased April 26, 2021\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2021-1825: Alex Camboe of Aon\u2019s Cyber Solutions\n\n**WebKit Storage**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-30661: yangkang (@dnpushme)&amp;zerokeeper&amp;bianliang of 360 ATA\n\nEntry added May 4, 2021\n\n**WebRTC**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-7463: Megan2013678\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 03, 2023\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-26T00:00:00", "type": "apple", "title": "About the security content of Safari 14.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-7463", "CVE-2021-1825", "CVE-2021-30661"], "modified": "2021-04-26T00:00:00", "id": "APPLE:A5EDA5FE2364D1FB5D577BC8C126D6E5", "href": "https://support.apple.com/kb/HT212318", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-09-27T15:31:50", "description": "The version of Apple iOS running on the mobile device is prior to 12.5.3. It is, therefore, affected by multiple vulnerabilities including the following: \n\n - A use after free issue was addressed with improved memory management (CVE-2021-30661).\n\n - An integer overflow was addressed with improved input validation (CVE-2021-30663).\n\n - A buffer overflow issue was addressed with improved memory handling (CVE-2021-30666).\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-07T00:00:00", "type": "nessus", "title": "Apple iOS < 12.5.3 Multiple Vulnerabilities (HT212341)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30666"], "modified": "2023-09-25T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_1253_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/149331", "sourceData": "Binary data apple_ios_1253_check.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:23", "description": "The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.3.1 Big Sur. It is, therefore, affected by multiple vulnerabilities including the following:\n\n - An integer overflow was addressed with improved input validation (CVE-2021-30663).\n\n - A memory corruption issue was addressed with improved state management (CVE-2021-30666).\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2021-05-07T00:00:00", "type": "nessus", "title": "macOS 11.x < 11.3.1 Multiple Vulnerabilities (HT212335)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30663", "CVE-2021-30666"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT212335.NASL", "href": "https://www.tenable.com/plugins/nessus/149333", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149333);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2021-30663\");\n script_xref(name:\"APPLE-SA\", value:\"HT212335\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2021-05-03-4\");\n script_xref(name:\"IAVA\", value:\"2021-A-0212-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"macOS 11.x < 11.3.1 Multiple Vulnerabilities (HT212335)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.3.1 Big Sur. It is, therefore,\naffected by multiple vulnerabilities including the following:\n\n - An integer overflow was addressed with improved input validation (CVE-2021-30663).\n\n - A memory corruption issue was addressed with improved state management (CVE-2021-30666).\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT212335\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 11.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [{ 'min_version' : '11.0', 'fixed_version' : '11.3.1', 'fixed_display' : 'macOS Big Sur 11.3.1' }];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info, \n constraints:constraints, \n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-26T15:39:10", "description": "The version of Apple iOS running on the mobile device is prior to 14.5.1. It is, therefore, affected by multiple vulnerabilities.\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved state management. (CVE-2021-30665)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. An integer overflow was addressed with improved input validation. (CVE-2021-30663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2021-05-07T00:00:00", "type": "nessus", "title": "Apple iOS < 14.5.1 Multiple Vulnerabilities (HT212336)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30663", "CVE-2021-30665"], "modified": "2023-09-25T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_1451_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/149353", "sourceData": "Binary data apple_ios_1451_check.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-26T15:41:35", "description": "The version of Apple iOS running on the mobile device is prior to 12.5.4. It is, therefore, affected by multiple vulnerabilities:\n\n - A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. Processing a maliciously crafted certificate may lead to arbitrary code execution. (CVE-2021-30737)\n\n - A memory corruption issue was addressed with improved state management. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n (CVE-2021-30761)\n\n - A use after free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n (CVE-2021-30762)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-17T00:00:00", "type": "nessus", "title": "Apple iOS < 12.5.4 Multiple Vulnerabilities (HT212548)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30737", "CVE-2021-30761", "CVE-2021-30762"], "modified": "2023-09-25T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_1254_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/150851", "sourceData": "Binary data apple_ios_1254_check.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:43", "description": "The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.5.1 Big Sur. It is, therefore, affected by a vulnerability in IOMobileFrameBuffer. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2021-07-28T00:00:00", "type": "nessus", "title": "macOS 11.x < 11.5.1 (HT212622)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30807"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT212622.NASL", "href": "https://www.tenable.com/plugins/nessus/152129", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152129);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2021-30807\");\n script_xref(name:\"APPLE-SA\", value:\"HT212622\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2021-07-26\");\n script_xref(name:\"IAVA\", value:\"2021-A-0356-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"macOS 11.x < 11.5.1 (HT212622)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.5.1 Big Sur. It is, therefore,\naffected by a vulnerability in IOMobileFrameBuffer. An application may be able to execute arbitrary code with kernel\nprivileges. Apple is aware of a report that this issue may have been actively exploited.\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT212622\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 11.5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30807\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [{ 'min_version' : '11.0', 'fixed_version' : '11.5.1', 'fixed_display' : 'macOS Big Sur 11.5.1' }];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T14:59:53", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4939-1 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1788)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1871)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4939-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1788", "CVE-2021-1844", "CVE-2021-1871"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver"], "id": "UBUNTU_USN-4939-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149419", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4939-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149419);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\"CVE-2021-1788\", \"CVE-2021-1844\", \"CVE-2021-1871\");\n script_xref(name:\"USN\", value:\"4939-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4939-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4939-1 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1788)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and\n iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,\n Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote\n attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-1871)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4939-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.32.0-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.32.0-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.32.0-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.32.0-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.32.0-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.32.0-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.32.0-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.32.0-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.32.0-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.32.0-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.32.0-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.32.0-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.32.0-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.32.0-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.32.0-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.32.0-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.32.0-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.32.0-0ubuntu0.20.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-18T15:40:13", "description": "The following vulnerabilities have been discovered in the webkit2gtk web engine :\n\n - CVE-2021-1788 Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2021-1844 Clement Lecigne and Alison Huffman discovered that processing maliciously crafted web content may lead to arbitrary code execution.\n\n - CVE-2021-1871 An anonymous researcher discovered that a remote attacker may be able to cause arbitrary code execution.", "cvss3": {}, "published": "2021-06-01T00:00:00", "type": "nessus", "title": "Debian DSA-4923-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1788", "CVE-2021-1844", "CVE-2021-1871"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:webkit2gtk", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4923.NASL", "href": "https://www.tenable.com/plugins/nessus/150095", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4923. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150095);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\"CVE-2021-1788\", \"CVE-2021-1844\", \"CVE-2021-1871\");\n script_xref(name:\"DSA\", value:\"4923\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Debian DSA-4923-1 : webkit2gtk - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The following vulnerabilities have been discovered in the webkit2gtk\nweb engine :\n\n - CVE-2021-1788\n Francisco Alonso discovered that processing maliciously\n crafted web content may lead to arbitrary code\n execution.\n\n - CVE-2021-1844\n Clement Lecigne and Alison Huffman discovered that\n processing maliciously crafted web content may lead to\n arbitrary code execution.\n\n - CVE-2021-1871\n An anonymous researcher discovered that a remote\n attacker may be able to cause arbitrary code execution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-1788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-1844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-1871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/webkit2gtk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4923\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.32.1-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1871\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-javascriptcoregtk-4.0\", reference:\"2.32.1-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"gir1.2-webkit2-4.0\", reference:\"2.32.1-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-18\", reference:\"2.32.1-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-bin\", reference:\"2.32.1-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libjavascriptcoregtk-4.0-dev\", reference:\"2.32.1-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37\", reference:\"2.32.1-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-37-gtk2\", reference:\"2.32.1-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-dev\", reference:\"2.32.1-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebkit2gtk-4.0-doc\", reference:\"2.32.1-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"webkit2gtk-driver\", reference:\"2.32.1-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-18T15:37:39", "description": "This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.32.0 (bsc#1184155) :\n\n - Fix the authentication request port when URL omits the port.\n\n - Fix iframe scrolling when main frame is scrolled in async\n\n - scrolling mode.\n\n - Stop using g_memdup.\n\n - Show a warning message when overriding signal handler for\n\n - threading suspension.\n\n - Fix the build on RISC-V with GCC 11.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871\n\n - Update in version 2.30.6 (bsc#1184262) :\n\n - Update user agent quirks again for Google Docs and Google Drive.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.\n\n - Update _constraints for armv6/armv7 (bsc#1182719)\n\n - restore NPAPI plugin support which was removed in 2.32.0\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2021-637)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27918", "CVE-2020-29623", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-637.NASL", "href": "https://www.tenable.com/plugins/nessus/149570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-637.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149570);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2021-637)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.32.0 (bsc#1184155) :\n\n - Fix the authentication request port when URL omits the\n port.\n\n - Fix iframe scrolling when main frame is scrolled in\n async\n\n - scrolling mode.\n\n - Stop using g_memdup.\n\n - Show a warning message when overriding signal handler\n for\n\n - threading suspension.\n\n - Fix the build on RISC-V with GCC 11.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2021-1788, CVE-2021-1844,\n CVE-2021-1871\n\n - Update in version 2.30.6 (bsc#1184262) :\n\n - Update user agent quirks again for Google Docs and\n Google Drive.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-27918, CVE-2020-29623,\n CVE-2021-1765 CVE-2021-1789, CVE-2021-1799,\n CVE-2021-1801, CVE-2021-1870.\n\n - Update _constraints for armv6/armv7 (bsc#1182719)\n\n - restore NPAPI plugin support which was removed in 2.32.0\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184262\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected webkit2gtk3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwebkit2gtk3-lang-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit-jsc-4-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit-jsc-4-debuginfo-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-debugsource-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-devel-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-debuginfo-2.32.0-lp152.2.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-18T15:36:06", "description": "The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-864dc37032 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. (CVE-2020-29623)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1788)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1789)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-19T00:00:00", "type": "nessus", "title": "Fedora 33 : webkit2gtk3 (2021-864dc37032)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27918", "CVE-2020-29623", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:webkit2gtk3"], "id": "FEDORA_2021-864DC37032.NASL", "href": "https://www.tenable.com/plugins/nessus/148778", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-864dc37032\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148778);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-864dc37032\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"Fedora 33 : webkit2gtk3 (2021-864dc37032)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-864dc37032 advisory.\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes\n 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data\n deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update\n 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing\n history. (CVE-2020-29623)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content\n may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1788)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1789)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big\n Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS\n 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on\n arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4\n and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and\n iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,\n Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote\n attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-864dc37032\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected webkit2gtk3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkit2gtk3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'webkit2gtk3-2.32.0-1.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-26T16:03:37", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.32.0 (bsc#1184155) :\n\n - Fix the authentication request port when URL omits the port.\n\n - Fix iframe scrolling when main frame is scrolled in async\n\n - scrolling mode.\n\n - Stop using g_memdup.\n\n - Show a warning message when overriding signal handler for\n\n - threading suspension.\n\n - Fix the build on RISC-V with GCC 11.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871\n\nUpdate in version 2.30.6 (bsc#1184262) :\n\n - Update user agent quirks again for Google Docs and Google Drive.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.\n\nUpdate _constraints for armv6/armv7 (bsc#1182719)\n\nrestore NPAPI plugin support which was removed in 2.32.0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-05T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1499-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27918", "CVE-2020-29623", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1499-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1499-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149278);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1499-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.32.0 (bsc#1184155) :\n\n - Fix the authentication request port when URL omits the\n port.\n\n - Fix iframe scrolling when main frame is scrolled in\n async\n\n - scrolling mode.\n\n - Stop using g_memdup.\n\n - Show a warning message when overriding signal handler\n for\n\n - threading suspension.\n\n - Fix the build on RISC-V with GCC 11.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2021-1788, CVE-2021-1844,\n CVE-2021-1871\n\nUpdate in version 2.30.6 (bsc#1184262) :\n\n - Update user agent quirks again for Google Docs and\n Google Drive.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-27918, CVE-2020-29623,\n CVE-2021-1765 CVE-2021-1789, CVE-2021-1799,\n CVE-2021-1801, CVE-2021-1870.\n\nUpdate _constraints for armv6/armv7 (bsc#1182719)\n\nrestore NPAPI plugin support which was removed in 2.32.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184262\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27918/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29623/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1765/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1799/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1801/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1844/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1870/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1871/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211499-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27fa17e4\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1499=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1499=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1499=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1499=1\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1499=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1499=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1499=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-1499=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1499=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1499=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-1499=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-1499=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-1499=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2-4_0-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-debugsource-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"webkit2gtk3-devel-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"typelib-1_0-WebKit2-4_0-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-debugsource-2.32.0-3.74.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"webkit2gtk3-devel-2.32.0-3.74.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-19T15:53:54", "description": "This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.32.0 (bsc#1184155) :\n\n - Fix the authentication request port when URL omits the port.\n\n - Fix iframe scrolling when main frame is scrolled in async\n\n - scrolling mode.\n\n - Stop using g_memdup.\n\n - Show a warning message when overriding signal handler for\n\n - threading suspension.\n\n - Fix the build on RISC-V with GCC 11.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871\n\nUpdate in version 2.30.6 (bsc#1184262) :\n\n - Update user agent quirks again for Google Docs and Google Drive.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.\n\nUpdate _constraints for armv6/armv7 (bsc#1182719)\n\nrestore NPAPI plugin support which was removed in 2.32.0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1430-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27918", "CVE-2020-29623", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1430-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149203", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1430-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149203);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1430-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for webkit2gtk3 fixes the following issues :\n\nUpdate to version 2.32.0 (bsc#1184155) :\n\n - Fix the authentication request port when URL omits the\n port.\n\n - Fix iframe scrolling when main frame is scrolled in\n async\n\n - scrolling mode.\n\n - Stop using g_memdup.\n\n - Show a warning message when overriding signal handler\n for\n\n - threading suspension.\n\n - Fix the build on RISC-V with GCC 11.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2021-1788, CVE-2021-1844,\n CVE-2021-1871\n\nUpdate in version 2.30.6 (bsc#1184262) :\n\n - Update user agent quirks again for Google Docs and\n Google Drive.\n\n - Fix several crashes and rendering issues.\n\n - Security fixes: CVE-2020-27918, CVE-2020-29623,\n CVE-2021-1765 CVE-2021-1789, CVE-2021-1799,\n CVE-2021-1801, CVE-2021-1870.\n\nUpdate _constraints for armv6/armv7 (bsc#1182719)\n\nrestore NPAPI plugin support which was removed in 2.32.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184262\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27918/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29623/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1765/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1789/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1799/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1801/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1844/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1870/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-1871/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211430-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aa8ec58e\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP3 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1430=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1430=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP3 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1430=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1430=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"webkit2gtk3-devel-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"3\", reference:\"webkit2gtk3-devel-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.32.0-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"webkit2gtk3-devel-2.32.0-3.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-18T15:19:32", "description": "The remote host is affected by the vulnerability described in GLSA-202202-01 (WebkitGTK+: Multiple vulnerabilities)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1788)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1871)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30661)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30666)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30809)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30818)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS. (CVE-2021-30823)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory. (CVE-2021-30836)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30846)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. (CVE-2021-30848)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30849)\n\n - A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. (CVE-2021-30851)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2021-30858)\n\n - The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history. (CVE-2021-30884)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. (CVE-2021-30887)\n\n - An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior . (CVE-2021-30888)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30889)\n\n - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30890)\n\n - An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin. (CVE-2021-30897)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30934)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30936, CVE-2021-30951)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30952)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30953)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30954)\n\n - A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30984)\n\n - BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\n\n - In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. (CVE-2021-45482)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "GLSA-202202-01 : WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1788", "CVE-2021-1817", "CVE-2021-1820", "CVE-2021-1825", "CVE-2021-1826", "CVE-2021-1844", "CVE-2021-1871", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799", "CVE-2021-30809", "CVE-2021-30818", "CVE-2021-30823", "CVE-2021-30836", "CVE-2021-30846", "CVE-2021-30848", "CVE-2021-30849", "CVE-2021-30851", "CVE-2021-30858", "CVE-2021-30884", "CVE-2021-30887", "CVE-2021-30888", "CVE-2021-30889", "CVE-2021-30890", "CVE-2021-30897", "CVE-2021-30934", "CVE-2021-30936", "CVE-2021-30951", "CVE-2021-30952", "CVE-2021-30953", "CVE-2021-30954", "CVE-2021-30984", "CVE-2021-41133", "CVE-2021-42762", "CVE-2021-45482"], "modified": "2023-11-17T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:webkit-gtk"], "id": "GENTOO_GLSA-202202-01.NASL", "href": "https://www.tenable.com/plugins/nessus/157266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202202-01.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157266);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\n \"CVE-2021-1788\",\n \"CVE-2021-1817\",\n \"CVE-2021-1820\",\n \"CVE-2021-1825\",\n \"CVE-2021-1826\",\n \"CVE-2021-1844\",\n \"CVE-2021-1871\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-30661\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30666\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30761\",\n \"CVE-2021-30762\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\",\n \"CVE-2021-30809\",\n \"CVE-2021-30818\",\n \"CVE-2021-30823\",\n \"CVE-2021-30836\",\n \"CVE-2021-30846\",\n \"CVE-2021-30848\",\n \"CVE-2021-30849\",\n \"CVE-2021-30851\",\n \"CVE-2021-30858\",\n \"CVE-2021-30884\",\n \"CVE-2021-30887\",\n \"CVE-2021-30888\",\n \"CVE-2021-30889\",\n \"CVE-2021-30890\",\n \"CVE-2021-30897\",\n \"CVE-2021-30934\",\n \"CVE-2021-30936\",\n \"CVE-2021-30951\",\n \"CVE-2021-30952\",\n \"CVE-2021-30953\",\n \"CVE-2021-30954\",\n \"CVE-2021-30984\",\n \"CVE-2021-42762\",\n \"CVE-2021-45482\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0126-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0251-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0202-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0349-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0505-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0414-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0437-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0577-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"GLSA-202202-01 : WebkitGTK+: Multiple vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202202-01 (WebkitGTK+: Multiple vulnerabilities)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1788)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and\n iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,\n Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote\n attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-1871)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim\n needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1,\n iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30661)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30666)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak\n sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30761)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4.\n Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a\n report that this issue may have been actively exploited.. (CVE-2021-30762)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15,\n tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2021-30809)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and\n iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2021-30818)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS\n 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be\n able to bypass HSTS. (CVE-2021-30823)\n\n - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and\n iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may\n disclose restricted memory. (CVE-2021-30836)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and\n iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2021-30846)\n\n - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and\n iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code\n execution. (CVE-2021-30848)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30849)\n\n - A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15,\n tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code\n execution. (CVE-2021-30851)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and\n iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code\n execution. Apple is aware of a report that this issue may have been actively exploited. (CVE-2021-30858)\n\n - The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15,\n watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing\n history. (CVE-2021-30884)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS\n 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to\n unexpectedly unenforced Content Security Policy. (CVE-2021-30887)\n\n - An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS\n Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content\n Security Policy reports may be able to leak information via redirect behavior . (CVE-2021-30888)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey\n 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30889)\n\n - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1,\n iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to\n universal cross site scripting. (CVE-2021-30890)\n\n - An issue existed in the specification for the resource timing API. The specification was updated and the\n updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website\n may exfiltrate data cross-origin. (CVE-2021-30897)\n\n - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2,\n macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30934)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2,\n macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30936, CVE-2021-30951)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS\n Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2021-30952)\n\n - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS\n Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2021-30953)\n\n - A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2,\n macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30954)\n\n - A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS\n Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web\n content may lead to arbitrary code execution. (CVE-2021-30984)\n\n - BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that\n allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by\n the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to\n host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process\n remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\n\n - In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different\n vulnerability than CVE-2021-30889. (CVE-2021-45482)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202202-01\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=779175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=801400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=813489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=819522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=820434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=829723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=831739\");\n script_set_attribute(attribute:\"solution\", value:\n\"All WebkitGTK+ users should upgrade to the latest version:\n\n\t\t\t# emerge --sync\n\t\t\t# emerge --ask --oneshot --verbose >=net-libs/webkit-gtk-2.34.4\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30954\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"net-libs/webkit-gtk\",\n 'unaffected' : make_list(\"ge 2.34.4\"),\n 'vulnerable' : make_list(\"lt 2.34.4\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebkitGTK+\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-18T15:51:49", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4381 advisory.\n\n - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)\n\n - Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.\n (CVE-2020-24870)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. (CVE-2020-29623)\n\n - autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. (CVE-2020-36241)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1788)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1789)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241. (CVE-2021-28650)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : GNOME (ALSA-2021:4381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13558", "CVE-2020-24870", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-36241", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-28650", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:alma:linux:libraw", "p-cpe:/a:alma:linux:libraw-devel", "p-cpe:/a:alma:linux:accountsservice", "p-cpe:/a:alma:linux:accountsservice-devel", "p-cpe:/a:alma:linux:accountsservice-libs", "p-cpe:/a:alma:linux:gdm", "p-cpe:/a:alma:linux:gnome-autoar", "p-cpe:/a:alma:linux:gnome-calculator", "p-cpe:/a:alma:linux:gnome-classic-session", "p-cpe:/a:alma:linux:gnome-control-center", "p-cpe:/a:alma:linux:gnome-control-center-filesystem", "p-cpe:/a:alma:linux:gnome-online-accounts", "p-cpe:/a:alma:linux:gnome-online-accounts-devel", "p-cpe:/a:alma:linux:gnome-session", "p-cpe:/a:alma:linux:gnome-session-kiosk-session", "p-cpe:/a:alma:linux:gnome-session-wayland-session", "p-cpe:/a:alma:linux:gnome-session-xsession", "p-cpe:/a:alma:linux:gnome-settings-daemon", "p-cpe:/a:alma:linux:gnome-shell", "p-cpe:/a:alma:linux:gnome-shell-extension-apps-menu", "p-cpe:/a:alma:linux:gnome-shell-extension-auto-move-windows", "p-cpe:/a:alma:linux:gnome-shell-extension-common", "p-cpe:/a:alma:linux:gnome-shell-extension-dash-to-dock", "p-cpe:/a:alma:linux:gnome-shell-extension-desktop-icons", "p-cpe:/a:alma:linux:gnome-shell-extension-disable-screenshield", "p-cpe:/a:alma:linux:gnome-shell-extension-drive-menu", "p-cpe:/a:alma:linux:gnome-shell-extension-gesture-inhibitor", "p-cpe:/a:alma:linux:gnome-shell-extension-horizontal-workspaces", "p-cpe:/a:alma:linux:gnome-shell-extension-launch-new-instance", "p-cpe:/a:alma:linux:gnome-shell-extension-native-window-placement", "p-cpe:/a:alma:linux:gnome-shell-extension-no-hot-corner", "p-cpe:/a:alma:linux:gnome-shell-extension-panel-favorites", "p-cpe:/a:alma:linux:gnome-shell-extension-places-menu", "p-cpe:/a:alma:linux:gnome-shell-extension-screenshot-window-sizer", "p-cpe:/a:alma:linux:gnome-shell-extension-systemmonitor", "p-cpe:/a:alma:linux:gnome-shell-extension-top-icons", "p-cpe:/a:alma:linux:gnome-shell-extension-updates-dialog", "p-cpe:/a:alma:linux:gnome-shell-extension-user-theme", "p-cpe:/a:alma:linux:gnome-shell-extension-window-grouper", "p-cpe:/a:alma:linux:gnome-shell-extension-window-list", "p-cpe:/a:alma:linux:gnome-shell-extension-windowsnavigator", "p-cpe:/a:alma:linux:gnome-shell-extension-workspace-indicator", "p-cpe:/a:alma:linux:gnome-software", "p-cpe:/a:alma:linux:gnome-software-devel", "p-cpe:/a:alma:linux:gsettings-desktop-schemas", "p-cpe:/a:alma:linux:gsettings-desktop-schemas-devel", "p-cpe:/a:alma:linux:gtk-update-icon-cache", "p-cpe:/a:alma:linux:gtk3", "p-cpe:/a:alma:linux:gtk3-devel", "p-cpe:/a:alma:linux:gtk3-immodule-xim", "p-cpe:/a:alma:linux:mutter", "p-cpe:/a:alma:linux:mutter-devel", "p-cpe:/a:alma:linux:vino", "p-cpe:/a:alma:linux:webkit2gtk3", "p-cpe:/a:alma:linux:webkit2gtk3-devel", "p-cpe:/a:alma:linux:webkit2gtk3-jsc", "p-cpe:/a:alma:linux:webkit2gtk3-jsc-devel", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4381.NASL", "href": "https://www.tenable.com/plugins/nessus/157596", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4381.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157596);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-13558\",\n \"CVE-2020-24870\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2020-36241\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-28650\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"ALSA\", value:\"2021:4381\");\n script_xref(name:\"IAVA\", value:\"2021-A-0505-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0126-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0251-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0349-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"AlmaLinux 8 : GNOME (ALSA-2021:4381)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:4381 advisory.\n\n - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit\n WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)\n\n - Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.\n (CVE-2020-24870)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes\n 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data\n deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update\n 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing\n history. (CVE-2020-29623)\n\n - autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other\n software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent\n is a symlink to a directory outside of the intended extraction location. (CVE-2020-36241)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content\n may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1788)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1789)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big\n Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS\n 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on\n arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4\n and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and\n iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,\n Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote\n attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim\n needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other\n software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent\n is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for\n CVE-2020-36241. (CVE-2021-28650)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak\n sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4381.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:accountsservice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:accountsservice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:accountsservice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-autoar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-calculator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-classic-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-control-center\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-control-center-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-online-accounts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-online-accounts-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-session-kiosk-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-session-wayland-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-session-xsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-apps-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-auto-move-windows\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-dash-to-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-disable-screenshield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-drive-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-gesture-inhibitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-horizontal-workspaces\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-launch-new-instance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-native-window-placement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-no-hot-corner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-panel-favorites\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-places-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-screenshot-window-sizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-systemMonitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-top-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-updates-dialog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-user-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-window-grouper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-window-list\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-windowsNavigator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-workspace-indicator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-software\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-software-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gsettings-desktop-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gsettings-desktop-schemas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk-update-icon-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk3-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vino\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gdm-40.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-40.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-classic-session-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-filesystem-3.28.2-28.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-common-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-list-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-devel / accountsservice / accountsservice-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:32:31", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2598-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-04T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:2598-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2598-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152202", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2598-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152202);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2598-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:2598-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2598-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30799\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009247.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e605200\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:30:32", "description": "The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2600-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-04T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2021:2600-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-2600-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152201", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2600-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152201);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2600-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2021:2600-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2021:2600-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30799\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009245.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?726d2b9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.32.3-2.66.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'webkit2gtk3-devel-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:32:36", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2762-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-18T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:2762-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libsoup-2_4-1", "p-cpe:/a:novell:suse_linux:libsoup-devel", "p-cpe:/a:novell:suse_linux:libsoup-lang", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-soup-2_4", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2762-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152656", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2762-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152656);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2762-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:2762-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2762-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30799\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009300.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?52745954\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoup-2_4-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoup-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoup-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-Soup-2_4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libsoup-2_4-1 / libsoup-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-18T15:58:20", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4381 advisory.\n\n - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)\n\n - LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918, CVE-2021-1788, CVE-2021-30795)\n\n - webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete fix) (CVE-2020-36241)\n\n - webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765, CVE-2021-1801)\n\n - webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n - webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n - webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870, CVE-2021-1871)\n\n - webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)\n\n - webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)\n\n - webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n - gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\n - webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n - webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n - webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n - webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734, CVE-2021-30749, CVE-2021-30799)\n\n - webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n - webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : GNOME (CESA-2021:4381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13558", "CVE-2020-24870", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-36241", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-28650", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:libraw", "p-cpe:/a:centos:centos:libraw-devel", "p-cpe:/a:centos:centos:accountsservice", "p-cpe:/a:centos:centos:accountsservice-devel", "p-cpe:/a:centos:centos:accountsservice-libs", "p-cpe:/a:centos:centos:gnome-autoar", "p-cpe:/a:centos:centos:gnome-calculator", "p-cpe:/a:centos:centos:gnome-classic-session", "p-cpe:/a:centos:centos:gnome-control-center", "p-cpe:/a:centos:centos:gnome-control-center-filesystem", "p-cpe:/a:centos:centos:gnome-online-accounts", "p-cpe:/a:centos:centos:gnome-online-accounts-devel", "p-cpe:/a:centos:centos:gnome-session", "p-cpe:/a:centos:centos:gnome-session-kiosk-session", "p-cpe:/a:centos:centos:gnome-session-wayland-session", "p-cpe:/a:centos:centos:gnome-session-xsession", "p-cpe:/a:centos:centos:gnome-settings-daemon", "p-cpe:/a:centos:centos:gnome-shell", "p-cpe:/a:centos:centos:gnome-shell-extension-apps-menu", "p-cpe:/a:centos:centos:gnome-shell-extension-auto-move-windows", "p-cpe:/a:centos:centos:gnome-shell-extension-common", "p-cpe:/a:centos:centos:gnome-shell-extension-dash-to-dock", "p-cpe:/a:centos:centos:gnome-shell-extension-desktop-icons", "p-cpe:/a:centos:centos:gnome-shell-extension-disable-screenshield", "p-cpe:/a:centos:centos:gnome-shell-extension-drive-menu", "p-cpe:/a:centos:centos:gnome-shell-extension-gesture-inhibitor", "p-cpe:/a:centos:centos:gnome-shell-extension-horizontal-workspaces", "p-cpe:/a:centos:centos:gnome-shell-extension-launch-new-instance", "p-cpe:/a:centos:centos:gnome-shell-extension-native-window-placement", "p-cpe:/a:centos:centos:gnome-shell-extension-no-hot-corner", "p-cpe:/a:centos:centos:gnome-shell-extension-panel-favorites", "p-cpe:/a:centos:centos:gnome-shell-extension-places-menu", "p-cpe:/a:centos:centos:gnome-shell-extension-screenshot-window-sizer", "p-cpe:/a:centos:centos:gnome-shell-extension-systemmonitor", "p-cpe:/a:centos:centos:gnome-shell-extension-top-icons", "p-cpe:/a:centos:centos:gnome-shell-extension-updates-dialog", "p-cpe:/a:centos:centos:gnome-shell-extension-user-theme", "p-cpe:/a:centos:centos:gnome-shell-extension-window-grouper", "p-cpe:/a:centos:centos:gnome-shell-extension-window-list", "p-cpe:/a:centos:centos:gnome-shell-extension-windowsnavigator", "p-cpe:/a:centos:centos:gnome-shell-extension-workspace-indicator", "p-cpe:/a:centos:centos:gnome-software", "p-cpe:/a:centos:centos:gnome-software-devel", "p-cpe:/a:centos:centos:gsettings-desktop-schemas", "p-cpe:/a:centos:centos:gsettings-desktop-schemas-devel", "p-cpe:/a:centos:centos:gtk-update-icon-cache", "p-cpe:/a:centos:centos:gtk3", "p-cpe:/a:centos:centos:gtk3-devel", "p-cpe:/a:centos:centos:gtk3-immodule-xim", "p-cpe:/a:centos:centos:mutter", "p-cpe:/a:centos:centos:mutter-devel", "p-cpe:/a:centos:centos:vino"], "id": "CENTOS8_RHSA-2021-4381.NASL", "href": "https://www.tenable.com/plugins/nessus/155097", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4381. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155097);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-13558\",\n \"CVE-2020-24870\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2020-36241\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-28650\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4381\");\n script_xref(name:\"IAVA\", value:\"2021-A-0505-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0126-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0251-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0349-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"CentOS 8 : GNOME (CESA-2021:4381)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4381 advisory.\n\n - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution\n (CVE-2020-13558)\n\n - LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918, CVE-2021-1788,\n CVE-2021-30795)\n\n - webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the\n destination directory (incomplete fix) (CVE-2020-36241)\n\n - webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765, CVE-2021-1801)\n\n - webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n - webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n - webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870, CVE-2021-1871)\n\n - webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and\n possibly code execution (CVE-2021-21775)\n\n - webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code\n execution (CVE-2021-21779)\n\n - webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n - gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination\n directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\n - webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n - webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n - webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n - webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734, CVE-2021-30749,\n CVE-2021-30799)\n\n - webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack\n (CVE-2021-30744)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n - webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4381\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:accountsservice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:accountsservice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:accountsservice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-autoar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-calculator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-classic-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-control-center\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-control-center-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-online-accounts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-online-accounts-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-session-kiosk-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-session-wayland-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-session-xsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-apps-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-auto-move-windows\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-dash-to-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-disable-screenshield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-drive-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-gesture-inhibitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-horizontal-workspaces\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-launch-new-instance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-native-window-placement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-no-hot-corner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-panel-favorites\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-places-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-screenshot-window-sizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-systemMonitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-top-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-updates-dialog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-user-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-window-grouper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-window-list\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-windowsNavigator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-workspace-indicator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-software\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-software-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gsettings-desktop-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gsettings-desktop-schemas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gtk-update-icon-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gtk3-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vino\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-classic-session-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-classic-session-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-filesystem-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-filesystem-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-common-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-common-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-list-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-list-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-devel / accountsservice / accountsservice-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-10T16:17:15", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4381 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : GNOME (RLSA-2021:4381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13558", "CVE-2020-24870", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-36241", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-28650", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-11-08T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:gnome-shell-extension-window-list", "p-cpe:/a:rocky:linux:gnome-shell-extension-windowsnavigator", "p-cpe:/a:rocky:linux:gnome-shell-extension-workspace-indicator", "p-cpe:/a:rocky:linux:gnome-software", "p-cpe:/a:rocky:linux:gnome-software-debuginfo", "p-cpe:/a:rocky:linux:gnome-software-debugsource", "p-cpe:/a:rocky:linux:gnome-software-devel", "p-cpe:/a:rocky:linux:gsettings-desktop-schemas", "p-cpe:/a:rocky:linux:gsettings-desktop-schemas-devel", "p-cpe:/a:rocky:linux:gtk-update-icon-cache", "p-cpe:/a:rocky:linux:gtk-update-icon-cache-debuginfo", "p-cpe:/a:rocky:linux:gtk3", "p-cpe:/a:rocky:linux:gtk3-debuginfo", "p-cpe:/a:rocky:linux:gtk3-debugsource", "p-cpe:/a:rocky:linux:gtk3-devel", "p-cpe:/a:rocky:linux:gtk3-devel-debuginfo", "p-cpe:/a:rocky:linux:gtk3-immodule-xim", "p-cpe:/a:rocky:linux:gtk3-immodule-xim-debuginfo", "p-cpe:/a:rocky:linux:mutter", "p-cpe:/a:rocky:linux:mutter-debuginfo", "p-cpe:/a:rocky:linux:mutter-debugsource", "p-cpe:/a:rocky:linux:mutter-devel", "p-cpe:/a:rocky:linux:vino", "p-cpe:/a:rocky:linux:vino-debuginfo", "p-cpe:/a:rocky:linux:vino-debugsource", "p-cpe:/a:rocky:linux:webkit2gtk3", "p-cpe:/a:rocky:linux:webkit2gtk3-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-debugsource", "p-cpe:/a:rocky:linux:webkit2gtk3-devel", "p-cpe:/a:rocky:linux:webkit2gtk3-devel-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel-debuginfo", "cpe:/o:rocky:linux:8", "p-cpe:/a:rocky:linux:accountsservice-debugsource", "p-cpe:/a:rocky:linux:accountsservice-devel", "p-cpe:/a:rocky:linux:accountsservice-libs", "p-cpe:/a:rocky:linux:accountsservice-libs-debuginfo", "p-cpe:/a:rocky:linux:gdm", "p-cpe:/a:rocky:linux:gdm-debuginfo", "p-cpe:/a:rocky:linux:gdm-debugsource", "p-cpe:/a:rocky:linux:gnome-autoar", "p-cpe:/a:rocky:linux:gnome-autoar-debuginfo", "p-cpe:/a:rocky:linux:gnome-autoar-debugsource", "p-cpe:/a:rocky:linux:gnome-calculator", "p-cpe:/a:rocky:linux:gnome-calculator-debuginfo", "p-cpe:/a:rocky:linux:gnome-calculator-debugsource", "p-cpe:/a:rocky:linux:gnome-classic-session", "p-cpe:/a:rocky:linux:gnome-control-center", "p-cpe:/a:rocky:linux:gnome-control-center-debuginfo", "p-cpe:/a:rocky:linux:gnome-control-center-debugsource", "p-cpe:/a:rocky:linux:gnome-control-center-filesystem", "p-cpe:/a:rocky:linux:gnome-online-accounts", "p-cpe:/a:rocky:linux:gnome-online-accounts-debuginfo", "p-cpe:/a:rocky:linux:gnome-online-accounts-debugsource", "p-cpe:/a:rocky:linux:gnome-online-accounts-devel", "p-cpe:/a:rocky:linux:gnome-session", "p-cpe:/a:rocky:linux:gnome-session-debuginfo", "p-cpe:/a:rocky:linux:gnome-session-debugsource", "p-cpe:/a:rocky:linux:gnome-session-kiosk-session", "p-cpe:/a:rocky:linux:gnome-session-wayland-session", "p-cpe:/a:rocky:linux:gnome-session-xsession", "p-cpe:/a:rocky:linux:gnome-settings-daemon", "p-cpe:/a:rocky:linux:gnome-settings-daemon-debuginfo", "p-cpe:/a:rocky:linux:gnome-settings-daemon-debugsource", "p-cpe:/a:rocky:linux:gnome-shell", "p-cpe:/a:rocky:linux:gnome-shell-debuginfo", "p-cpe:/a:rocky:linux:gnome-shell-debugsource", "p-cpe:/a:rocky:linux:gnome-shell-extension-apps-menu", "p-cpe:/a:rocky:linux:gnome-shell-extension-auto-move-windows", "p-cpe:/a:rocky:linux:gnome-shell-extension-common", "p-cpe:/a:rocky:linux:gnome-shell-extension-dash-to-dock", "p-cpe:/a:rocky:linux:gnome-shell-extension-desktop-icons", "p-cpe:/a:rocky:linux:gnome-shell-extension-disable-screenshield", "p-cpe:/a:rocky:linux:gnome-shell-extension-drive-menu", "p-cpe:/a:rocky:linux:gnome-shell-extension-gesture-inhibitor", "p-cpe:/a:rocky:linux:gnome-shell-extension-horizontal-workspaces", "p-cpe:/a:rocky:linux:gnome-shell-extension-launch-new-instance", "p-cpe:/a:rocky:linux:gnome-shell-extension-native-window-placement", "p-cpe:/a:rocky:linux:gnome-shell-extension-no-hot-corner", "p-cpe:/a:rocky:linux:gnome-shell-extension-panel-favorites", "p-cpe:/a:rocky:linux:gnome-shell-extension-places-menu", "p-cpe:/a:rocky:linux:gnome-shell-extension-screenshot-window-sizer", "p-cpe:/a:rocky:linux:gnome-shell-extension-systemmonitor", "p-cpe:/a:rocky:linux:gnome-shell-extension-top-icons", "p-cpe:/a:rocky:linux:gnome-shell-extension-updates-dialog", "p-cpe:/a:rocky:linux:gnome-shell-extension-user-theme", "p-cpe:/a:rocky:linux:gnome-shell-extension-window-grouper", "p-cpe:/a:rocky:linux:libraw", "p-cpe:/a:rocky:linux:libraw-debuginfo", "p-cpe:/a:rocky:linux:libraw-debugsource", "p-cpe:/a:rocky:linux:libraw-devel", "p-cpe:/a:rocky:linux:accountsservice", "p-cpe:/a:rocky:linux:accountsservice-debuginfo"], "id": "ROCKY_LINUX_RLSA-2021-4381.NASL", "href": "https://www.tenable.com/plugins/nessus/157823", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:4381.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157823);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/08\");\n\n script_cve_id(\n \"CVE-2020-13558\",\n \"CVE-2020-24870\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2020-36241\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-28650\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"RLSA\", value:\"2021:4381\");\n script_xref(name:\"IAVA\", value:\"2021-A-0251-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0349-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"Rocky Linux 8 : GNOME (RLSA-2021:4381)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2021:4381 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim\n needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak\n sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:4381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1651378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1770302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1791478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1813727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1854679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1873297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1873488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1888404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1894613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1897932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1904139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1905000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1909300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1914925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1924725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1925640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1928794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1928886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1935261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1937416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1937866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1938937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1940026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1949176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1951086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1952136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1955754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1957705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1960705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1962049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1971507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1971534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1972545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1978287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1978505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1978612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1980441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1980661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1981420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1987233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1989035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1998989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1999120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2004170\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gdm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gdm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-autoar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-autoar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-autoar-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-calculator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-calculator-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-calculator-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-classic-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-control-center\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-control-center-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-control-center-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-control-center-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-online-accounts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-online-accounts-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-online-accounts-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-online-accounts-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-kiosk-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-wayland-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-xsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-settings-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-settings-daemon-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-apps-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-auto-move-windows\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-dash-to-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-disable-screenshield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-drive-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-gesture-inhibitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-horizontal-workspaces\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-launch-new-instance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-native-window-placement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-no-hot-corner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-panel-favorites\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-places-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-screenshot-window-sizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-systemMonitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-top-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-updates-dialog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-user-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-window-grouper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-window-list\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-windowsNavigator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-workspace-indicator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-software\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-software-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-software-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-software-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gsettings-desktop-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gsettings-desktop-schemas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk-update-icon-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk-update-icon-cache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-immodule-xim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mutter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mutter-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vino\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vino-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vino-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-debuginfo-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-debuginfo-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-debuginfo-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-debugsource-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-debugsource-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-debuginfo-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-debuginfo-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-debuginfo-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gdm-40.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-40.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-40.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debuginfo-40.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debuginfo-40.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debuginfo-40.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debugsource-40.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debugsource-40.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debugsource-40.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debuginfo-0.2.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debuginfo-0.2.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debuginfo-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debugsource-0.2.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debugsource-0.2.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debugsource-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-debuginfo-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-debuginfo-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-debugsource-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-debugsource-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-classic-session-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-debuginfo-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-debuginfo-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-debugsource-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-debugsource-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-filesystem-3.28.2-28.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debuginfo-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debuginfo-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debuginfo-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debugsource-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debugsource-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debugsource-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debuginfo-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debuginfo-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debugsource-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debugsource-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8_6.1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8_6.1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debuginfo-3.32.0-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debuginfo-3.32.0-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debuginfo-3.32.0-16.el8_6.1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debuginfo-3.32.0-16.el8_6.1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debugsource-3.32.0-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debugsource-3.32.0-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debugsource-3.32.0-16.el8_6.1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debugsource-3.32.0-16.el8_6.1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-debuginfo-3.32.2-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-debuginfo-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-debugsource-3.32.2-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-debugsource-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-common-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-list-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debuginfo-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debuginfo-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debuginfo-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debugsource-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debugsource-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debugsource-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-debuginfo-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-debuginfo-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debuginfo-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debuginfo-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debuginfo-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debugsource-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debugsource-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debugsource-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-debuginfo-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-debuginfo-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-debuginfo-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-debuginfo-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-debuginfo-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debuginfo-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debuginfo-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debugsource-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debugsource-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debuginfo-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debuginfo-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debuginfo-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debugsource-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debugsource-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debugsource-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-debuginfo-3.22.0-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-debuginfo-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-debugsource-3.22.0-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-debugsource-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-debuginfo / LibRaw-debugsource / LibRaw-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-18T15:57:21", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4381 advisory.\n\n - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)\n\n - Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.\n (CVE-2020-24870)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. (CVE-2020-36241)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1788)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241. (CVE-2021-28650)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. (CVE-2020-29623)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1789)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : GNOME (ELSA-2021-4381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13558", "CVE-2020-24870", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-36241", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-28650", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:libraw", "p-cpe:/a:oracle:linux:libraw-devel", "p-cpe:/a:oracle:linux:accountsservice", "p-cpe:/a:oracle:linux:accountsservice-devel", "p-cpe:/a:oracle:linux:accountsservice-libs", "p-cpe:/a:oracle:linux:gdm", "p-cpe:/a:oracle:linux:gnome-autoar", "p-cpe:/a:oracle:linux:gnome-calculator", "p-cpe:/a:oracle:linux:gnome-classic-session", "p-cpe:/a:oracle:linux:gnome-control-center", "p-cpe:/a:oracle:linux:gnome-control-center-filesystem", "p-cpe:/a:oracle:linux:gnome-online-accounts", "p-cpe:/a:oracle:linux:gnome-online-accounts-devel", "p-cpe:/a:oracle:linux:gnome-session", "p-cpe:/a:oracle:linux:gnome-session-kiosk-session", "p-cpe:/a:oracle:linux:gnome-session-wayland-session", "p-cpe:/a:oracle:linux:gnome-session-xsession", "p-cpe:/a:oracle:linux:gnome-settings-daemon", "p-cpe:/a:oracle:linux:gnome-shell", "p-cpe:/a:oracle:linux:gnome-shell-extension-apps-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-auto-move-windows", "p-cpe:/a:oracle:linux:gnome-shell-extension-common", "p-cpe:/a:oracle:linux:gnome-shell-extension-dash-to-dock", "p-cpe:/a:oracle:linux:gnome-shell-extension-desktop-icons", "p-cpe:/a:oracle:linux:gnome-shell-extension-disable-screenshield", "p-cpe:/a:oracle:linux:gnome-shell-extension-drive-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-gesture-inhibitor", "p-cpe:/a:oracle:linux:gnome-shell-extension-horizontal-workspaces", "p-cpe:/a:oracle:linux:gnome-shell-extension-launch-new-instance", "p-cpe:/a:oracle:linux:gnome-shell-extension-native-window-placement", "p-cpe:/a:oracle:linux:gnome-shell-extension-no-hot-corner", "p-cpe:/a:oracle:linux:gnome-shell-extension-panel-favorites", "p-cpe:/a:oracle:linux:gnome-shell-extension-places-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-screenshot-window-sizer", "p-cpe:/a:oracle:linux:gnome-shell-extension-systemmonitor", "p-cpe:/a:oracle:linux:gnome-shell-extension-top-icons", "p-cpe:/a:oracle:linux:gnome-shell-extension-updates-dialog", "p-cpe:/a:oracle:linux:gnome-shell-extension-user-theme", "p-cpe:/a:oracle:linux:gnome-shell-extension-window-grouper", "p-cpe:/a:oracle:linux:gnome-shell-extension-window-list", "p-cpe:/a:oracle:linux:gnome-shell-extension-windowsnavigator", "p-cpe:/a:oracle:linux:gnome-shell-extension-workspace-indicator", "p-cpe:/a:oracle:linux:gnome-software", "p-cpe:/a:oracle:linux:gnome-software-devel", "p-cpe:/a:oracle:linux:gsettings-desktop-schemas", "p-cpe:/a:oracle:linux:gsettings-desktop-schemas-devel", "p-cpe:/a:oracle:linux:gtk-update-icon-cache", "p-cpe:/a:oracle:linux:gtk3", "p-cpe:/a:oracle:linux:gtk3-devel", "p-cpe:/a:oracle:linux:gtk3-immodule-xim", "p-cpe:/a:oracle:linux:mutter", "p-cpe:/a:oracle:linux:mutter-devel", "p-cpe:/a:oracle:linux:vino", "p-cpe:/a:oracle:linux:webkit2gtk3", "p-cpe:/a:oracle:linux:webkit2gtk3-devel", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel"], "id": "ORACLELINUX_ELSA-2021-4381.NASL", "href": "https://www.tenable.com/plugins/nessus/155421", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4381.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155421);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-13558\",\n \"CVE-2020-24870\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2020-36241\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-28650\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0126-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0251-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0349-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0505-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"Oracle Linux 8 : GNOME (ELSA-2021-4381)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-4381 advisory.\n\n - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit\n WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)\n\n - Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.\n (CVE-2020-24870)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes\n 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big\n Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS\n 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on\n arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4\n and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other\n software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent\n is a symlink to a directory outside of the intended extraction location. (CVE-2020-36241)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content\n may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1788)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,\n Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote\n attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim\n needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other\n software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent\n is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for\n CVE-2020-36241. (CVE-2021-28650)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data\n deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update\n 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing\n history. (CVE-2020-29623)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1789)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and\n iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak\n sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4381.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:accountsservice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:accountsservice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:accountsservice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-autoar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-calculator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-classic-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-control-center\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-control-center-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-online-accounts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-online-accounts-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-session-kiosk-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-session-wayland-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-session-xsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-apps-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-auto-move-windows\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-dash-to-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-disable-screenshield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-drive-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-gesture-inhibitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-horizontal-workspaces\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-launch-new-instance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-native-window-placement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-no-hot-corner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-panel-favorites\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-places-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-screenshot-window-sizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-systemMonitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-top-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-updates-dialog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-user-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-window-grouper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-window-list\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-windowsNavigator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-workspace-indicator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-software\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-software-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gsettings-desktop-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gsettings-desktop-schemas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk-update-icon-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk3-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vino\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gdm-40.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-40.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-40.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-classic-session-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-filesystem-3.28.2-28.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-common-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-list-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-devel / accountsservice / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-29T15:21:56", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4381 advisory.\n\n - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)\n\n - LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918, CVE-2021-1788, CVE-2021-30795)\n\n - webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete fix) (CVE-2020-36241)\n\n - webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765, CVE-2021-1801)\n\n - webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n - webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n - webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870, CVE-2021-1871)\n\n - webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)\n\n - webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)\n\n - webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n - gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\n - webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n - webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n - webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n - webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734, CVE-2021-30749, CVE-2021-30799)\n\n - webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n - webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : GNOME (RHSA-2021:4381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13558", "CVE-2020-24870", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-36241", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-28650", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-10-27T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:libraw", "p-cpe:/a:redhat:enterprise_linux:libraw-devel", "p-cpe:/a:redhat:enterprise_linux:gnome-autoar", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel"], "id": "REDHAT-RHSA-2021-4381.NASL", "href": "https://www.tenable.com/plugins/nessus/155153", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4381. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155153);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/27\");\n\n script_cve_id(\n \"CVE-2020-13558\",\n \"CVE-2020-24870\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2020-36241\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-28650\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4381\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n script_xref(name:\"IAVA\", value:\"2021-A-0126-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0251-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0349-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0505-S\");\n\n script_name(english:\"RHEL 8 : GNOME (RHSA-2021:4381)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4381 advisory.\n\n - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution\n (CVE-2020-13558)\n\n - LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918, CVE-2021-1788,\n CVE-2021-30795)\n\n - webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the\n destination directory (incomplete fix) (CVE-2020-36241)\n\n - webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765, CVE-2021-1801)\n\n - webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n - webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n - webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870, CVE-2021-1871)\n\n - webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and\n possibly code execution (CVE-2021-21775)\n\n - webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code\n execution (CVE-2021-21779)\n\n - webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n - gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination\n directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\n - webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n - webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n - webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n - webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734, CVE-2021-30749,\n CVE-2021-30799)\n\n - webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack\n (CVE-2021-30744)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n - webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1928794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1928886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1940026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986906\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 119, 120, 190, 200, 416, 459, 843, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-autoar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/