Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2022 Greenbone AGOPENVAS:1361412562310821282
HistoryAug 04, 2022 - 12:00 a.m.

Apple Mac OS X Security Update (HT209139)

2022-08-0400:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
9
apple mac os x
multiple flaws
arbitrary code
elevate privileges
disclose sensitive information
denial of service
macos mojave 10.14
upgrade

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.951

Percentile

99.4%

JSON

Apple Mac OS X is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.821282");
  script_version("2024-02-09T14:47:30+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2015-3194", "CVE-2015-5333", "CVE-2015-5334", "CVE-2016-0702",
                "CVE-2016-1777", "CVE-2017-12613", "CVE-2017-12618", "CVE-2017-5731",
                "CVE-2017-5732", "CVE-2017-5733", "CVE-2017-5734", "CVE-2017-5735",
                "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-4126", "CVE-2018-4153",
                "CVE-2018-4203", "CVE-2018-4295", "CVE-2018-4296", "CVE-2018-4304",
                "CVE-2018-4308", "CVE-2018-4310", "CVE-2018-4321", "CVE-2018-4324",
                "CVE-2018-4326", "CVE-2018-4331", "CVE-2018-4332", "CVE-2018-4333",
                "CVE-2018-4334", "CVE-2018-4336", "CVE-2018-4337", "CVE-2018-4338",
                "CVE-2018-4340", "CVE-2018-4341", "CVE-2018-4343", "CVE-2018-4344",
                "CVE-2018-4346", "CVE-2018-4347", "CVE-2018-4348", "CVE-2018-4350",
                "CVE-2018-4351", "CVE-2018-4353", "CVE-2018-4354", "CVE-2018-4355",
                "CVE-2018-4383", "CVE-2018-4393", "CVE-2018-4395", "CVE-2018-4396",
                "CVE-2018-4399", "CVE-2018-4401", "CVE-2018-4406", "CVE-2018-4407",
                "CVE-2018-4408", "CVE-2018-4411", "CVE-2018-4412", "CVE-2018-4414",
                "CVE-2018-4417", "CVE-2018-4418", "CVE-2018-4425", "CVE-2018-4426",
                "CVE-2018-4433", "CVE-2018-4451", "CVE-2018-4456", "CVE-2018-5383",
                "CVE-2019-8643");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-09 14:47:30 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-10-03 00:03:00 +0000 (Thu, 03 Oct 2019)");
  script_tag(name:"creation_date", value:"2022-08-04 16:15:17 +0530 (Thu, 04 Aug 2022)");
  script_name("Apple Mac OS X Security Update (HT209139)");

  script_tag(name:"summary", value:"Apple Mac OS X is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - Multiple input validation errors.

  - Multiple memory corruption issues.

  - An improper state management.");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers
  to execute arbitrary code, elevate privileges, disclose sensitive information
  and cause denial of service.");

  script_tag(name:"affected", value:"Apple Mac OS X versions prior to macOS Mojave 10.14.");

  script_tag(name:"solution", value:"Upgrade to Apple Mac OS X 10.14 or
  later. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");
  script_xref(name:"URL", value:"https://support.apple.com/en-us/HT209139");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mac OS X Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version");
  exit(0);
}
include("version_func.inc");
include("ssh_func.inc");

osName = get_kb_item("ssh/login/osx_name");
if(!osName)
  exit (0);

osVer = get_kb_item("ssh/login/osx_version");
if(!osVer || "Mac OS X" >!< osName)
  exit(0);

if(version_is_less(version:osVer, test_version:"10.14")) {
  report = report_fixed_ver(installed_version:osVer, fixed_version:"10.14");
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

nessus 48
apple 10
openvas 25
suse 3
ibm 9
freebsd 1
securityvulns 2
talos 1
centos 1
fedora 3
redhat 3
amazon 2
oraclelinux 4
talosblog 1
cloudfoundry 1
ubuntu 2
osv 4
nvd 15
archlinux 2
redhatcve 4
cvelist 17
cve 17
prion 13
debian 2
ubuntucve 1
mageia 1
debiancve 2
zdi 4
zdt 1
nessus
nessus
macOS < 10.14 Multiple Vulnerabilities
2018-10-18 00:00:00
macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)
2018-10-31 00:00:00
SUSE SLES12 Security Update : ovmf (SUSE-SU-2018:4207-1)
2018-12-21 00:00:00
apple
apple
About the security content of macOS Mojave 10.14
2018-09-24 00:00:00
About the security content of macOS Mojave 10.14 - Apple Support
2020-02-04 05:12:57
About the security content of watchOS 5 - Apple Support
2019-08-01 04:36:25
openvas
openvas
Apple Mac OS X Security Updates (HT209193)-06
2018-11-02 00:00:00
Apple Mac OS X Security Updates (HT209193)-05
2018-11-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:4194-1)
2021-04-19 00:00:00
suse
suse
Security update for ovmf (moderate)
2018-12-22 18:17:24
Security update for ovmf (moderate)
2018-12-22 18:09:42
Security update to ucode-intel (important)
2018-08-17 12:10:34
ibm
ibm
Security Bulletin: Vulnerabilities CVE-2017-12613 and CVE-2017-12618 in the IBM i HTTP Server affect IBM i.
2019-12-18 14:26:38
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience (CVE-2015-1794, CVE-2015-3194, CVE-2016-0702)
2018-06-16 20:00:23
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in libapr-util1 (CVE-2017-12618)
2018-07-26 20:25:22
freebsd
freebsd
LibreSSL -- Memory leak and buffer overflow
2015-10-15 00:00:00
securityvulns
securityvulns
LibreSSL security vulnerabilities
2015-10-19 00:00:00
Qualys Security Advisory - LibreSSL &#40;CVE-2015-5333 and CVE-2015-5334&#41;
2015-10-19 00:00:00
talos
talos
Apple IntelHD5000 Graphics Delete Resource Privilege Escalation Vulnerability
2019-01-03 00:00:00
centos
centos
OVMF security update
2019-08-30 03:50:09
fedora
fedora
[SECURITY] Fedora 30 Update: edk2-20190308stable-1.fc30
2019-03-31 00:05:59
[SECURITY] Fedora 29 Update: edk2-20190308stable-1.fc29
2019-04-03 03:31:40
[SECURITY] Fedora 26 Update: apr-util-1.5.4-6.fc26
2017-11-15 20:21:54
redhat
redhat
(RHSA-2019:2125) Moderate: ovmf security and enhancement update
2019-08-06 08:03:42
(RHSA-2018:2396) Important: kernel-rt security and bug fix update
2018-08-14 19:27:26
(RHSA-2018:2387) Important: kernel security and bug fix update
2018-08-14 18:50:34
amazon
amazon
Important: edk2
2019-08-23 03:26:00
Medium: apr-util
2017-12-05 21:59:00
oraclelinux
oraclelinux
edk2 security update
2019-06-06 00:00:00
ovmf security and enhancement update
2019-08-13 00:00:00
edk2 security update
2019-09-13 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Multiple Apple IntelHD5000 privilege escalation vulnerabilities
2019-01-08 10:00:00
cloudfoundry
cloudfoundry
USN-3756-1: Intel Microcode vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
ubuntu
ubuntu
Intel Microcode vulnerabilities
2018-08-27 00:00:00
APR-util vulnerability
2022-11-23 00:00:00
osv
osv
apr-util - security update
2017-11-06 00:00:00
apr-util-devel-1.6.1-7.8 on GA media
2024-06-15 00:00:00
apr-util vulnerability
2022-11-23 10:09:39
nvd
nvd
CVE-2017-12618
2017-10-24 01:29:02
CVE-2018-4393
2019-04-03 18:29:12
CVE-2018-4417
2019-04-03 18:29:14
archlinux
archlinux
[ASA-201710-33] apr-util: denial of service
2017-10-27 00:00:00
[ASA-201710-32] apr: information disclosure
2017-10-27 00:00:00
redhatcve
redhatcve
CVE-2017-12618
2017-10-26 09:48:57
CVE-2017-12613
2019-10-07 03:05:29
CVE-2017-5735
2018-10-22 06:51:23
cvelist
cvelist
CVE-2017-5735
2019-10-28 14:56:15
CVE-2018-4426
2019-04-03 17:43:18
CVE-2017-12618
2017-10-24 01:00:00
cve
cve
CVE-2017-12618
2017-10-24 01:29:02
CVE-2018-4383
2019-04-03 18:29:12
CVE-2018-4321
2019-04-03 18:29:07
prion
prion
Out-of-bounds
2017-10-24 01:29:00
Input validation
2019-04-03 18:29:00
Memory corruption
2019-04-03 18:29:00
debian
debian
[SECURITY] [DLA 1163-1] apr-util security update
2017-11-06 21:39:07
[SECURITY] [DLA 2897-1] apr security update
2022-01-24 22:36:03
ubuntucve
ubuntucve
CVE-2017-12618
2017-10-24 00:00:00
mageia
mageia
Updated apr-util packages fix security vulnerability
2017-11-27 00:18:31
debiancve
debiancve
CVE-2017-12618
2017-10-24 01:29:02
CVE-2017-12613
2017-10-24 01:29:02
zdi
zdi
Apple macOS AppleGPUWrangler Logging Uninitialized Memory Information Disclosure Vulnerability
2018-10-30 00:00:00
Apple macOS NECP Control Socket Type Confusion Privilege Escalation Vulnerability
2018-10-30 00:00:00
Apple macOS nsurlstoraged Out-Of-Bounds Read Information Disclosure Vulnerability
2018-11-05 00:00:00
zdt
zdt
XNU Kernel iOS / macOS heap buffer overflow Exploit
2018-11-06 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.951

Percentile

99.4%

JSON
Related for OPENVAS:1361412562310821282
nessus48apple10openvas25suse3ibm9freebsd1securityvulns2talos1centos1fedora3redhat3amazon2oraclelinux4talosblog1cloudfoundry1ubuntu2osv4nvd15archlinux2redhatcve4cvelist17cve17prion13debian2ubuntucve1mageia1debiancve2zdi4zdt1