Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_10_14_1.NASL
HistoryOct 31, 2018 - 12:00 a.m.

macOS 10.14.x < 10.14.1 Multiple Vulnerabilities

2018-10-3100:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
68

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.8%

JSON

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.1. It is, therefore, affected by multiple vulnerabilities related to the following components :

-AppleGraphicsControl
-CoreAnimation
-CoreCrypto
-Dock
-dyld
-EFI
-ICU
-IOGraphics
-IOKit
-IPSec
-Kernel
-Mail
-Microcode
-NetworkExtension
-Security
-WiFi

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(118574);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/16");

  script_cve_id(
    "CVE-2018-3640",
    "CVE-2018-4340",
    "CVE-2018-4342",
    "CVE-2018-4368",
    "CVE-2018-4369",
    "CVE-2018-4371",
    "CVE-2018-4389",
    "CVE-2018-4398",
    "CVE-2018-4400",
    "CVE-2018-4402",
    "CVE-2018-4403",
    "CVE-2018-4410",
    "CVE-2018-4413",
    "CVE-2018-4415",
    "CVE-2018-4419",
    "CVE-2018-4420",
    "CVE-2018-4422",
    "CVE-2018-4423",
    "CVE-2018-4424",
    "CVE-2018-4425"
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2018-10-30-2");
  script_xref(name:"IAVA", value:"2021-A-0356-S");

  script_name(english:"macOS 10.14.x < 10.14.1 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a macOS update that fixes multiple security
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of macOS / Mac OS X that is
10.14.x prior to 10.14.1. It is, therefore, affected by multiple
vulnerabilities related to the following components :

  -AppleGraphicsControl
  -CoreAnimation
  -CoreCrypto
  -Dock
  -dyld
  -EFI
  -ICU
  -IOGraphics
  -IOKit
  -IPSec
  -Kernel
  -Mail
  -Microcode
  -NetworkExtension
  -Security
  -WiFi

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209193");
  # https://lists.apple.com/archives/security-announce/2018/Oct/msg00003.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f0681c90");
  script_set_attribute(attribute:"solution", value:
"Upgrade to macOS version 10.14.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4425");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-4422");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/31");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
  script_require_ports("Host/MacOSX/Version", "Host/OS");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");


fix = "10.14.1";
minver = "10.14";

os = get_kb_item("Host/MacOSX/Version");
if (!os)
{
  os = get_kb_item_or_exit("Host/OS");
  if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");

  c = get_kb_item("Host/OS/Confidence");
  if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
}
if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");

matches = pregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
if (empty_or_null(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "').");

version = matches[1];

if (ver_compare(ver:version, minver:minver, fix:fix, strict:FALSE) == -1)
{
  security_report_v4(
    port:0,
    severity:SECURITY_HOLE,
    extra:
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fix +
      '\n'
  );
}
else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x
applemacoscpe:/o:apple:macos

References

Related

openvas 19
nessus 28
apple 18
cvelist 20
prion 20
cve 20
nvd 20
zdi 6
jvn 1
myhack58 1
redhatcve 1
f5 2
ubuntucve 1
debiancve 1
suse 2
huawei 1
ibm 10
debian 4
mageia 1
osv 3
threatpost 1
cisco 1
mscve 4
intel 1
hp 1
vmware 1
qualysblog 1
ubuntu 1
cloudfoundry 1
lenovo 4
cert 1
mskb 1
kaspersky 1
fortinet 1
openvas
openvas
Apple Mac OS X Security Updates (HT209193)-02
2018-11-02 00:00:00
Apple Mac OS X Security Updates (HT209193)-04
2018-11-02 00:00:00
Apple Mac OS X Security Updates (HT209193)-03
2018-11-02 00:00:00
nessus
nessus
Apple TV < 12.1 Multiple Vulnerabilities
2018-11-02 00:00:00
macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)
2018-10-31 00:00:00
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-005)
2018-10-31 00:00:00
apple
apple
About the security content of tvOS 12.1
2018-10-30 00:00:00
About the security content of tvOS 12.1 - Apple Support
2019-01-23 08:37:05
About the security content of watchOS 5.1
2018-10-30 00:00:00
cvelist
cvelist
CVE-2018-4403
2019-04-03 17:43:17
CVE-2018-4425
2019-04-03 17:43:18
CVE-2018-4400
2019-04-03 17:43:17
prion
prion
Input validation
2019-04-03 18:29:00
Design/Logic Flaw
2019-04-03 18:29:00
Memory corruption
2019-04-03 18:29:00
cve
cve
CVE-2018-4425
2019-04-03 18:29:15
CVE-2018-4413
2019-04-03 18:29:14
CVE-2018-4424
2019-04-03 18:29:15
nvd
nvd
CVE-2018-4400
2019-04-03 18:29:13
CVE-2018-4425
2019-04-03 18:29:15
CVE-2018-4424
2019-04-03 18:29:15
zdi
zdi
Apple macOS NECP Control Socket Type Confusion Privilege Escalation Vulnerability
2018-10-30 00:00:00
Apple macOS sysctl_procargsx Uninitialized Buffer Information Disclosure Vulnerability
2018-10-31 00:00:00
Apple macOS NECP Control Socket Type Confusion Privilege Escalation Vulnerability
2018-11-20 00:00:00
jvn
jvn
JVN#96551318: Mail app for iOS vulnerable to denial-of-service (DoS)
2018-11-02 00:00:00
myhack58
myhack58
How to use QuartzCore Stack Overflow to achieve the iOS/macOS Safari sandbox escape-vulnerability warning-the black bar safety net
2018-12-03 00:00:00
redhatcve
redhatcve
CVE-2018-3640
2018-05-21 21:19:45
f5
f5
K51801290 : RSRE Variant 3a vulnerability CVE-2018-3640
2018-07-03 00:00:00
K58304450 : Multiple Intel Processor vulnerabilities: Spectre-NG
2018-05-30 00:00:00
ubuntucve
ubuntucve
CVE-2018-3640
2018-05-21 00:00:00
debiancve
debiancve
CVE-2018-3640
2018-05-22 12:29:00
suse
suse
Security update for ucode-intel (important)
2018-07-06 21:08:25
Security update to ucode-intel (important)
2018-08-17 12:10:34
huawei
huawei
Security Advisory - Side-Channel Vulnerability Variants 3a and 4
2018-06-15 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)
2019-01-24 12:55:01
Security Bulletin: This Power Hardware Management Console (HMC) Security Bulletin is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2018-3639 (Variant 4) and CVE-2018-3640 (Variant 3a).
2021-09-23 01:45:02
Security Bulletin: IBM PureApplication Service is affected by vulnerabilities (CVE-2018-3639, CVE-2018-3640)
2019-05-30 23:55:01
debian
debian
[SECURITY] [DSA 4273-2] intel-microcode security update
2018-09-16 20:43:40
[SECURITY] [DLA 1446-1] intel-microcode security update
2018-07-27 05:08:13
[SECURITY] [DSA 4273-1] intel-microcode security update
2018-08-16 20:43:21
mageia
mageia
Updated microcode packages fix security vulnerability
2018-07-25 11:24:17
osv
osv
intel-microcode - security update
2018-09-16 00:00:00
intel-microcode - security update
2018-08-16 00:00:00
intel-microcode - security update
2018-07-27 00:00:00
threatpost
threatpost
Intel Responds to Spectre-Like Flaw In CPUs
2018-05-22 14:03:08
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
2018-05-22 01:00:00
mscve
mscve
Microsoft Guidance for Speculative Store Bypass
2018-05-21 07:00:00
Microsoft Guidance for Rogue System Register Read
2018-05-21 07:00:00
Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities
2019-05-14 07:00:00
intel
intel
Q2 2018 Speculative Execution Side Channel Update
2021-05-11 00:00:00
hp
hp
HPSBHF03584 rev. 8 - Derivative Side-Channel Analysis Method
2018-05-04 00:00:00
vmware
vmware
VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.
2018-05-21 00:00:00
qualysblog
qualysblog
All Hands Memo to Owners of Home / Small Office Routers: Reboot Them!
2018-05-30 14:33:42
ubuntu
ubuntu
Intel Microcode vulnerabilities
2018-08-27 00:00:00
cloudfoundry
cloudfoundry
USN-3756-1: Intel Microcode vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
lenovo
lenovo
Speculative Execution Side Channel Variants 4 and 3a - US
2018-09-13 11:41:00
Intel Software Guard Extensions (SGX) Vulnerabilities - US
2018-08-22 18:58:00
Intel Software Guard Extensions (SGX) Vulnerabilities - Lenovo Support US
2018-10-16 12:02:18
cert
cert
CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
2018-05-21 00:00:00
mskb
mskb
KB4073065: Surface guidance to protect against silicon-based microarchitectural and speculative execution side-channel vulnerabilities
2018-05-21 07:00:00
kaspersky
kaspersky
KLA11343 Multiple vulnerabilities in Apple iTunes
2018-10-30 00:00:00
fortinet
fortinet
Meltdown and Spectre class vulnerabilities
2019-08-26 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

71.8%

JSON
Related for MACOS_10_14_1.NASL
openvas19nessus28apple18cvelist20prion20cve20nvd20zdi6jvn1myhack581redhatcve1f52ubuntucve1debiancve1suse2huawei1ibm10debian4mageia1osv3threatpost1cisco1mscve4intel1hp1vmware1qualysblog1ubuntu1cloudfoundry1lenovo4cert1mskb1kaspersky1fortinet1