CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
89.8%
Apple Mac OS X is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.813112");
script_version("2024-02-09T14:47:30+0000");
script_cve_id("CVE-2018-4108", "CVE-2018-4143", "CVE-2018-4105", "CVE-2018-4107",
"CVE-2018-4160", "CVE-2018-4167", "CVE-2018-4142", "CVE-2018-4174",
"CVE-2018-4131", "CVE-2018-4132", "CVE-2018-4135", "CVE-2018-4111",
"CVE-2018-4170", "CVE-2018-4115", "CVE-2018-4157", "CVE-2018-4152",
"CVE-2018-4150", "CVE-2018-4138", "CVE-2018-4173");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2024-02-09 14:47:30 +0000 (Fri, 09 Feb 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-10-03 00:03:00 +0000 (Thu, 03 Oct 2019)");
script_tag(name:"creation_date", value:"2018-04-02 10:46:18 +0530 (Mon, 02 Apr 2018)");
script_name("Apple Mac OS X Security Updates (HT208692)-01");
script_tag(name:"summary", value:"Apple Mac OS X is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws exist due to:
- An injection issue due to improper input validation.
- An issue existed in the parsing of URLs in PDFs due to improper input
validation.
- An out-of-bounds read error.
- An inconsistent user interface issue.
- By scanning key states, an unprivileged application could log keystrokes
entered into other applications even when secure input mode was enabled.
- An issue existed in the handling of S/MIME HTML e-mail.
- The sysadminctl command-line tool required that passwords be passed to it
in its arguments, potentially exposing the passwords to other local users.
- An issue existed in CFPreferences.
- Multiple memory corruption issues.
- A validation issue.
- A consistency issue existed in deciding when to show the microphone use
indicator.");
script_tag(name:"impact", value:"Successful exploitation of this vulnerability
will allow remote attackers to execute arbitrary code with kernel privileges,
gain access to passwords supplied to sysadminctl, truncate an APFS volume
password, gain access to potentially sensitive data, gain elevated privileges,
conduct a denial-of-service attack, log keystrokes entered into applications,
intercept and exfiltrate the contents of S/MIME-encrypted e-mail and use a
removed configuration profile and access the microphone without indication to
the user.");
script_tag(name:"affected", value:"Apple Mac OS X versions 10.13.x through 10.13.3");
script_tag(name:"solution", value:"Upgrade to Apple Mac OS X 10.13.4 or later. Please see the references for more information.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
script_xref(name:"URL", value:"https://support.apple.com/en-us/HT208692");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone AG");
script_family("Mac OS X Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version", re:"ssh/login/osx_version=^10\.13");
exit(0);
}
include("version_func.inc");
osName = get_kb_item("ssh/login/osx_name");
if(!osName)
exit(0);
osVer = get_kb_item("ssh/login/osx_version");
if(!osVer || osVer !~ "^10\.13" || "Mac OS X" >!< osName){
exit(0);
}
if(version_is_less(version:osVer, test_version:"10.13.4"))
{
report = report_fixed_ver(installed_version:osVer, fixed_version:"10.13.4");
security_message(data:report);
exit(0);
}
exit(99);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
89.8%