Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_HT212804.NASL
HistorySep 16, 2021 - 12:00 a.m.

macOS 11.x < 11.6 (HT212804)

2021-09-1600:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
65

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

JSON

The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.6 Big Sur. It is, therefore, affected by multiple vulnerabilities including the following:

  • A use after free issue was addressed with improved memory management. Exploitation of this vulnerability may lead to arbitrary code execution. (CVE-2021-30858)

  • An integer overflow was addressed with improved input validation. Exploitation of this vulnerability may lead to arbitrary code execution. (CVE-2021-30860)

  • Insufficient checks when processing maliciously crafted dfont files may lead to arbitrary code execution. (CVE-2021-30841, CVE-2021-30842, CVE-2021-30843)

Note that Nessus has not tested for this issue but has instead relied only on the operating system’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(153429);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/28");

  script_cve_id(
    "CVE-2013-0340",
    "CVE-2021-22925",
    "CVE-2021-30827",
    "CVE-2021-30828",
    "CVE-2021-30829",
    "CVE-2021-30830",
    "CVE-2021-30832",
    "CVE-2021-30841",
    "CVE-2021-30842",
    "CVE-2021-30843",
    "CVE-2021-30844",
    "CVE-2021-30845",
    "CVE-2021-30847",
    "CVE-2021-30850",
    "CVE-2021-30853",
    "CVE-2021-30855",
    "CVE-2021-30857",
    "CVE-2021-30858",
    "CVE-2021-30859",
    "CVE-2021-30860",
    "CVE-2021-30865",
    "CVE-2021-31010"
  );
  script_xref(name:"APPLE-SA", value:"HT212804");
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2021-09-13-3");
  script_xref(name:"IAVA", value:"2021-A-0414-S");
  script_xref(name:"IAVA", value:"2021-A-0437-S");
  script_xref(name:"IAVA", value:"2021-A-0505-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/09/15");

  script_name(english:"macOS 11.x < 11.6 (HT212804)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a macOS security update.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.6 Big Sur. It is, therefore,
affected by multiple vulnerabilities including the following:

  - A use after free issue was addressed with improved memory management. Exploitation of this vulnerability may lead to 
    arbitrary code execution. (CVE-2021-30858)

  - An integer overflow was addressed with improved input validation. Exploitation of this vulnerability may lead to 
    arbitrary code execution. (CVE-2021-30860)

  - Insufficient checks when processing maliciously crafted dfont files may lead to arbitrary code
    execution. (CVE-2021-30841, CVE-2021-30842, CVE-2021-30843)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported
version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-gb/HT212804");
  script_set_attribute(attribute:"solution", value:
"Upgrade to macOS 11.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30865");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-30858");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos:11.0");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_ports("Host/MacOSX/Version", "Host/local_checks_enabled", "Host/MacOSX/packages/boms");

  exit(0);
}
include('vcf.inc');
include('vcf_extras_apple.inc');

var app_info = vcf::apple::macos::get_app_info();
var constraints = [{'min_version': '11.0', 'fixed_version': '11.6', 'fixed_display': 'macOS Big Sur 11.6'}];

vcf::apple::macos::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE
);
VendorProductVersionCPE
applemacos11.0cpe:/o:apple:macos:11.0
applemac_os_x11.0cpe:/o:apple:mac_os_x:11.0

References

Related

nessus 23
openvas 15
apple 7
thn 4
qualysblog 2
hivepro 2
cisa 1
prion 22
cve 22
nvd 21
threatpost 2
githubexploit 3
cvelist 22
attackerkb 3
zdi 1
cnvd 1
cisa_kev 3
googleprojectzero 1
osv 4
slackware 2
malwarebytes 1
almalinux 1
redhat 3
ubuntu 1
freebsd 5
amazon 1
debian 2
alpinelinux 2
rocky 1
debiancve 3
veracode 2
cbl_mariner 3
ibm 3
ubuntucve 2
checkpoint_advisories 1
oraclelinux 2
mageia 1
redhatcve 1
fedora 2
cloudlinux 1
nessus
nessus
macOS 10.15.x < Catalina Security Update 2021-005 Catalina (HT212805)
2021-09-16 00:00:00
Slackware Linux 15.0 / current poppler Vulnerability (SSA:2022-244-01)
2022-09-01 00:00:00
Debian DSA-4975-1 : webkit2gtk - security update
2021-09-22 00:00:00
openvas
openvas
Apple Mac OS X Security Update (HT212805)
2021-09-14 00:00:00
Apple Mac OS X Security Update (HT212804)
2021-09-14 00:00:00
Fedora: Security Advisory for webkit2gtk3 (FEDORA-2021-edf6957b7d)
2021-10-07 00:00:00
apple
apple
About the security content of Security Update 2021-005 Catalina
2021-09-13 00:00:00
About the security content of macOS Big Sur 11.6
2021-09-13 00:00:00
About the security content of iOS 14.8 and iPadOS 14.8
2021-09-13 00:00:00
thn
thn
Apple Issues Urgent Updates to Fix New Zero-Day Linked to Pegasus Spyware
2021-09-14 04:35:00
Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days
2021-09-24 03:39:00
Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware
2022-02-04 11:52:00
qualysblog
qualysblog
NSO Pegasus iPhone Spyware Vulnerabilities Fixed by Apple – Detect & Prioritize Using VMDR for Mobile Devices
2021-09-29 08:28:10
Detect & Prioritize NSO Pegasus iPhone Spyware Vulnerabilities Using VMDR for Mobile Devices
2021-09-20 14:47:57
hivepro
hivepro
Apple fixes the zero-day vulnerabilities exploited by Pegasus spyware named “FORCEDENTRY”
2021-09-16 13:49:19
Old Gatekeeper bypass vulnerability in macOS exploited
2021-12-25 02:52:05
cisa
cisa
Apple Releases Security Updates to Address CVE-2021-30858 and CVE-2021-30860
2021-09-13 00:00:00
prion
prion
Input validation
2021-10-19 14:15:00
Code injection
2021-10-19 14:15:00
Memory corruption
2021-10-19 14:15:00
cve
cve
CVE-2021-30850
2021-10-19 14:15:09
CVE-2021-30855
2021-08-24 19:15:14
CVE-2021-30844
2021-10-19 14:15:09
nvd
nvd
CVE-2021-30829
2021-10-19 14:15:08
CVE-2021-30832
2021-10-19 14:15:09
CVE-2021-30865
2021-08-24 19:15:14
threatpost
threatpost
Apple Patches 3 More Zero-Days Under Active Attack
2021-09-24 11:29:27
Apple Issues Emergency Fix for NSO Zero-Click Zero Day
2021-09-13 22:10:15
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Apple Macos
2022-01-02 20:24:11
Exploit for Integer Overflow or Wraparound in Apple Ipados
2021-09-18 22:14:17
Exploit for Use After Free in Apple Ipados
2021-10-14 01:51:39
cvelist
cvelist
CVE-2021-30859
2021-08-24 18:49:24
CVE-2021-30829
2021-10-19 13:11:57
CVE-2021-30828
2021-10-19 13:11:56
attackerkb
attackerkb
CVE-2021-31010
2021-08-24 00:00:00
CVE-2021-30858
2021-08-24 00:00:00
CVE-2021-30860
2021-08-24 00:00:00
zdi
zdi
Apple macOS CVMServer Use-After-Free Privilege Escalation Vulnerability
2022-02-16 00:00:00
cnvd
cnvd
Multiple Apple product code issues vulnerabilities
2022-09-02 00:00:00
cisa_kev
cisa_kev
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
2022-08-25 00:00:00
Apple Multiple Products Integer Overflow Vulnerability
2021-11-03 00:00:00
Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
2021-11-03 00:00:00
googleprojectzero
googleprojectzero
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
2021-12-15 00:00:00
osv
osv
CVE-2021-30860
2021-08-24 19:15:14
Moderate: webkit2gtk3 security and bug fix update
2021-11-02 10:34:24
CVE-2021-22925
2021-08-05 21:15:11
slackware
slackware
[slackware-security] poppler
2022-09-01 20:05:47
[slackware-security] expat
2021-05-23 19:55:46
malwarebytes
malwarebytes
Apple releases emergency update: Patch, but don’t panic
2021-09-14 11:39:39
almalinux
almalinux
Moderate: webkit2gtk3 security and bug fix update
2021-11-02 10:34:24
redhat
redhat
(RHSA-2021:4686) Moderate: webkit2gtk3 security update
2021-11-16 07:41:20
(RHSA-2022:0075) Moderate: webkit2gtk3 security update
2022-01-11 09:08:18
(RHSA-2022:0059) Moderate: webkitgtk4 security update
2022-01-11 09:01:44
ubuntu
ubuntu
WebKitGTK vulnerabilities
2021-09-22 00:00:00
freebsd
freebsd
texproc/expat2 -- billion laugh attack
2013-02-21 00:00:00
Python -- multiple vulnerabilities
2021-08-30 00:00:00
Python -- multiple vulnerabilities
2021-08-30 00:00:00
amazon
amazon
Medium: webkitgtk4
2022-02-03 19:30:00
debian
debian
[SECURITY] [DSA 4975-1] webkit2gtk security update
2021-09-21 10:15:01
[SECURITY] [DSA 4976-1] wpewebkit security update
2021-09-21 10:17:04
alpinelinux
alpinelinux
CVE-2021-30858
2021-08-24 19:15:14
CVE-2021-22925
2021-08-05 21:15:11
rocky
rocky
webkit2gtk3 security and bug fix update
2021-11-02 10:34:24
debiancve
debiancve
CVE-2013-0340
2014-01-21 18:55:09
CVE-2021-30858
2021-08-24 19:15:14
CVE-2021-22925
2021-08-05 21:15:11
veracode
veracode
XML External Entities (XXE)
2019-06-12 07:55:17
Remote Code Execution (RCE)
2021-10-31 16:17:23
cbl_mariner
cbl_mariner
CVE-2021-22925 affecting package curl for versions less than 7.76.0-5
2022-04-09 06:51:45
CVE-2013-0340 affecting package expat 2.2.6-4
2022-01-10 03:59:19
CVE-2021-22925 affecting package curl 7.76.0-9
2021-08-11 06:39:26
ibm
ibm
Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2021-22925)
2021-10-04 15:42:39
Security Bulletin: IBM Prospect is affected by Expat XML Parser vulnerability (CVE-2013-0340)
2018-06-17 15:49:59
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22925)
2022-04-22 14:30:11
ubuntucve
ubuntucve
CVE-2013-0340
2014-01-21 00:00:00
CVE-2021-30858
2021-08-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple iOS Use After Free (CVE-2021-30858)
2022-02-21 00:00:00
oraclelinux
oraclelinux
webkit2gtk3 security and bug fix update
2021-11-02 00:00:00
webkitgtk4 security update
2022-01-12 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerability
2021-09-29 20:22:22
redhatcve
redhatcve
CVE-2021-30858
2021-09-20 21:33:04
fedora
fedora
[SECURITY] Fedora 34 Update: webkit2gtk3-2.32.4-1.fc34
2021-09-21 15:33:32
[SECURITY] Fedora 33 Update: webkit2gtk3-2.32.4-1.fc33
2021-10-04 01:04:10
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-22925
2021-09-21 22:05:44

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

JSON
Related for MACOS_HT212804.NASL
nessus23openvas15apple7thn4qualysblog2hivepro2cisa1prion22cve22nvd21threatpost2githubexploit3cvelist22attackerkb3zdi1cnvd1cisa_kev3googleprojectzero1osv4slackware2malwarebytes1almalinux1redhat3ubuntu1freebsd5amazon1debian2alpinelinux2rocky1debiancve3veracode2cbl_mariner3ibm3ubuntucve2checkpoint_advisories1oraclelinux2mageia1redhatcve1fedora2cloudlinux1