CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
97.1%
The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.6.6. It is, therefore, affected by multiple vulnerabilities:
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. (CVE-2018-25032)
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. A malicious application may be able to bypass certain Privacy preferences. (CVE-2021-30946)
vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-4136)
vim is vulnerable to Out-of-bounds Read (CVE-2021-4166, CVE-2021-4193, CVE-2022-0128)
vim is vulnerable to Use After Free (CVE-2021-4173, CVE-2021-4187, CVE-2021-4192)
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
(CVE-2021-45444)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none (CVE-2021-46059)
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. (CVE-2022-0530)
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self- signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. (CVE-2022-22589)
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution (CVE-2022-22630)
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks. (CVE-2022-22663)
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. (CVE-2022-22665)
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. (CVE-2022-22674)
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited… (CVE-2022-22675)
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308)
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
(CVE-2022-26697)
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
(CVE-2022-26698)
An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. (CVE-2022-26706)
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system.
(CVE-2022-26712)
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. (CVE-2022-26714)
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. (CVE-2022-26715)
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.
(CVE-2022-26718)
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2022-26720)
A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.
(CVE-2022-26721, CVE-2022-26722)
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. (CVE-2022-26723)
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user’s screen.
(CVE-2022-26726)
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files. (CVE-2022-26728)
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode.
(CVE-2022-26731)
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory. (CVE-2022-26745)
This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. (CVE-2022-26746)
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26748)
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.
(CVE-2022-26751)
This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. (CVE-2022-26755)
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. (CVE-2022-26756)
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
(CVE-2022-26757)
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. (CVE-2022-26761)
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
(CVE-2022-26763)
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. (CVE-2022-26766)
The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. (CVE-2022-26767)
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. (CVE-2022-26768)
A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2022-26769)
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2022-26770)
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution.
(CVE-2022-26776)
This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service. (CVE-2022-32790)
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges. (CVE-2022-32794)
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences. (CVE-2022-32882)
Note that Nessus has not tested for these issues but has instead relied only on the operating system’s self-reported version number.
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(161395);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/20");
script_cve_id(
"CVE-2018-25032",
"CVE-2021-30946",
"CVE-2021-4136",
"CVE-2021-4166",
"CVE-2021-4173",
"CVE-2021-4187",
"CVE-2021-4192",
"CVE-2021-4193",
"CVE-2021-44224",
"CVE-2021-44790",
"CVE-2021-45444",
"CVE-2021-46059",
"CVE-2022-0128",
"CVE-2022-0530",
"CVE-2022-0778",
"CVE-2022-22589",
"CVE-2022-22630",
"CVE-2022-22663",
"CVE-2022-22665",
"CVE-2022-22674",
"CVE-2022-22675",
"CVE-2022-22719",
"CVE-2022-22720",
"CVE-2022-22721",
"CVE-2022-23308",
"CVE-2022-26697",
"CVE-2022-26698",
"CVE-2022-26706",
"CVE-2022-26712",
"CVE-2022-26714",
"CVE-2022-26715",
"CVE-2022-26718",
"CVE-2022-26720",
"CVE-2022-26721",
"CVE-2022-26722",
"CVE-2022-26723",
"CVE-2022-26726",
"CVE-2022-26728",
"CVE-2022-26731",
"CVE-2022-26745",
"CVE-2022-26746",
"CVE-2022-26748",
"CVE-2022-26751",
"CVE-2022-26755",
"CVE-2022-26756",
"CVE-2022-26757",
"CVE-2022-26761",
"CVE-2022-26763",
"CVE-2022-26766",
"CVE-2022-26767",
"CVE-2022-26768",
"CVE-2022-26769",
"CVE-2022-26770",
"CVE-2022-26776",
"CVE-2022-32790",
"CVE-2022-32794",
"CVE-2022-32882"
);
script_xref(name:"IAVA", value:"2022-A-0212-S");
script_xref(name:"IAVA", value:"2022-A-0442-S");
script_xref(name:"APPLE-SA", value:"HT213256");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/25");
script_name(english:"macOS 11.x < 11.6.6 Multiple Vulnerabilities (HT213256)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a macOS update that fixes multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.6.6. It is, therefore, affected by
multiple vulnerabilities:
- zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many
distant matches. (CVE-2018-25032)
- A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.1,
watchOS 8.3, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. A malicious application may be able to bypass
certain Privacy preferences. (CVE-2021-30946)
- vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-4136)
- vim is vulnerable to Out-of-bounds Read (CVE-2021-4166, CVE-2021-4193, CVE-2022-0128)
- vim is vulnerable to Use After Free (CVE-2021-4173, CVE-2021-4187, CVE-2021-4192)
- A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL
pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for
requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This
issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)
- A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser
(r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the
vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and
earlier. (CVE-2021-44790)
- In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the
prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
(CVE-2021-45444)
- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn
by its CNA. Further investigation showed that it was not a security issue. Notes: none (CVE-2021-46059)
- A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local
string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially
crafted zip file, leading to a crash or code execution. (CVE-2022-0530)
- The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop
forever for non-prime moduli. Internally this function is used when parsing certificates that contain
elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point
encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has
invalid explicit curve parameters. Since certificate parsing happens prior to verification of the
certificate signature, any process that parses an externally supplied certificate may thus be subject to a
denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they
can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients
consuming server certificates - TLS servers consuming client certificates - Hosting providers taking
certificates or private keys from customers - Certificate authorities parsing certification requests from
subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that
use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS
issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate
which makes it slightly harder to trigger the infinite loop. However any operation which requires the
public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-
signed certificate to trigger the loop during verification of the certificate signature. This issue
affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the
15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected
1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)
- A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and
iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted
mail message may lead to running arbitrary javascript. (CVE-2022-22589)
- A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur
11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app
termination or arbitrary code execution (CVE-2022-22630)
- This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS
15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A
malicious application may bypass Gatekeeper checks. (CVE-2022-22663)
- A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A
malicious application may be able to gain root privileges. (CVE-2022-22665)
- An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with
improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004
Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. (CVE-2022-22674)
- An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS
15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An
application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that
this issue may have been actively exploited.. (CVE-2022-22675)
- A carefully crafted request body can cause a read to a random memory area which could cause the process to
crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)
- Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered
discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)
- If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems
an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server
2.4.52 and earlier. (CVE-2022-22721)
- valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308)
- An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security
Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted
AppleScript binary may result in unexpected application termination or disclosure of process memory.
(CVE-2022-26697)
- An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security
Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted
AppleScript binary may result in unexpected application termination or disclosure of process memory.
(CVE-2022-26698)
- An access issue was addressed with additional sandbox restrictions on third-party applications. This issue
is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A
sandboxed process may be able to circumvent sandbox restrictions. (CVE-2022-26706)
- This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4,
macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system.
(CVE-2022-26712)
- A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS
15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey
12.4. An application may be able to execute arbitrary code with kernel privileges. (CVE-2022-26714)
- An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security
Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain
elevated privileges. (CVE-2022-26715)
- An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS
Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.
(CVE-2022-26718)
- An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security
Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able
to execute arbitrary code with kernel privileges. (CVE-2022-26720)
- A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina,
macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.
(CVE-2022-26721, CVE-2022-26722)
- A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS
Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to
arbitrary code execution. (CVE-2022-26723)
- This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina,
watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.
(CVE-2022-26726)
- This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004
Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access
restricted files. (CVE-2022-26728)
- A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4,
iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode.
(CVE-2022-26731)
- A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur
11.6.6. A malicious application may disclose restricted memory. (CVE-2022-26745)
- This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004
Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy
preferences. (CVE-2022-26746)
- An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security
Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web
content may lead to arbitrary code execution. (CVE-2022-26748)
- A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes
12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6,
macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.
(CVE-2022-26751)
- This issue was addressed with improved environment sanitization. This issue is fixed in Security Update
2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break
out of its sandbox. (CVE-2022-26755)
- An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security
Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute
arbitrary code with kernel privileges. (CVE-2022-26756)
- A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,
iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS
Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.
(CVE-2022-26757)
- A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security
Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with
kernel privileges. (CVE-2022-26761)
- An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS
15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6,
macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.
(CVE-2022-26763)
- A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5
and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey
12.4. A malicious app may be able to bypass signature validation. (CVE-2022-26766)
- The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4,
macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. (CVE-2022-26767)
- A memory corruption issue was addressed with improved state management. This issue is fixed in macOS
Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute
arbitrary code with kernel privileges. (CVE-2022-26768)
- A memory corruption issue was addressed with improved input validation. This issue is fixed in Security
Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able
to execute arbitrary code with kernel privileges. (CVE-2022-26769)
- An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security
Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able
to execute arbitrary code with kernel privileges. (CVE-2022-26770)
- This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur
11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution.
(CVE-2022-26776)
- This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and
iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user
may be able to cause a denial-of-service. (CVE-2022-32790)
- A logic issue was addressed with improved state management. This issue is fixed in Security Update
2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated
privileges. (CVE-2022-32794)
- This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur
11.6.6. An app may be able to bypass Privacy preferences. (CVE-2022-32882)
Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported
version number.");
script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT213256");
script_set_attribute(attribute:"solution", value:
"Upgrade to macOS 11.6.6 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26770");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-32882");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/16");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x:11.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos:11.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_ports("Host/MacOSX/Version", "Host/local_checks_enabled", "Host/MacOSX/packages/boms");
exit(0);
}
include('vcf.inc');
include('vcf_extras_apple.inc');
var app_info = vcf::apple::macos::get_app_info();
var constraints = [
{ 'fixed_version' : '11.6.6', 'min_version' : '11.0', 'fixed_display' : 'macOS Big Sur 11.6.6' }
];
vcf::apple::macos::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30946
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4136
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4173
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4187
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4192
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4193
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46059
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22589
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22630
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26697
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26698
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26706
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26712
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26714
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26715
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26718
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26720
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26721
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26722
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26723
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26726
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26728
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26731
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26746
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26748
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26751
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26763
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26768
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26770
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26776
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32882
support.apple.com/en-us/HT213256
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
97.1%