libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.7.6. It is, therefore, affected by multiple vulnerabilities:

  - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to     the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading     to a denial of service. (CVE-2023-52356)

  - An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a     remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
    (CVE-2023-6277)

  - When a protocol selection parameter option disables all protocols without adding any then the default set     of protocols would remain in the allowed set due to an error in the logic for removing protocols. The     below command would perform a request to curl.se with a plaintext protocol which has been explicitly     disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols     disables the entire set of available protocols, in itself a command with no practical use and therefore     unlikely to be encountered in real situations. The curl security team has thus assessed this to be low     severity bug. (CVE-2024-2004)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6,     macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another     user. (CVE-2024-23261)

  - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and     iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel     memory protections. Apple is aware of a report that this issue may have been exploited. (CVE-2024-23296)

  - libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to     use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the     verification and returns OK, thus ignoring any certificate problems. (CVE-2024-2379)

  - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers     for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting,     libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.
    Further, this error condition fails silently and is therefore not easily detected by an application.
    (CVE-2024-2398)

  - libcurl did not check the server certificate of TLS connections done to a host specified as an IP address,     when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified     hostname was given as an IP address, therefore completely skipping the certificate check. This affects all     uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). (CVE-2024-2466)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS     Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An     app may be able to execute arbitrary code with kernel privileges. (CVE-2024-27826)

  - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, macOS     Sonoma 14.6. Processing a maliciously crafted video file may lead to unexpected app termination.
    (CVE-2024-27873)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-     service or potentially disclose memory contents. (CVE-2024-27877)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access information     about a user's contacts. (CVE-2024-27881)

  - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file     system. (CVE-2024-27882, CVE-2024-27883)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma     14.6. An app may be able to bypass Privacy preferences. (CVE-2024-40774)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user     information. (CVE-2024-40775)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. (CVE-2024-40781,     CVE-2024-40802)

  - The issue was addressed with improved restriction of data container access. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious application may be able to bypass     Privacy preferences. (CVE-2024-40783)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to bypass Internet permission requirements. (CVE-2024-40787)

  - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS     17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.
    (CVE-2024-40788)

  - This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS     16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma     14.6. An app may be able to access user-sensitive data. (CVE-2024-40793)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Private     browsing may leak some browsing history. (CVE-2024-40796)

  - This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS     Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able     to read Safari's browsing history. (CVE-2024-40798)

  - An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS     10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to     unexpected app termination. (CVE-2024-40799, CVE-2024-40806)

  - An input validation issue was addressed with improved input validation. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of     the file system. (CVE-2024-40800)

  - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.
    (CVE-2024-40803)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without     prompting the user. (CVE-2024-40807)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS     Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. (CVE-2024-40809,     CVE-2024-40812)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to cause unexpected system     shutdown. (CVE-2024-40816)

  - The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to     UI spoofing. (CVE-2024-40817)

  - An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct     sandbox restrictions. (CVE-2024-40821)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to access user-sensitive data. (CVE-2024-40823)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to overwrite arbitrary files. (CVE-2024-40827)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges. (CVE-2024-40828)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and     iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data     with certain actions without prompting the user. (CVE-2024-40833)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive     Shortcuts app settings. (CVE-2024-40834)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to use sensitive data with certain actions without prompting the user.
    (CVE-2024-40835)

  - A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition     which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be     able to trigger it by failing to authenticate within a set time period. (CVE-2024-6387)

  - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 (inclusive) may allow arbitrary code     execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc     systems with ASLR. According to OpenSSH, the attack has been tested under lab conditions and requires on     average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on     64-bit systems is believed to be possible but has not been demonstrated at this time.  (CVE-2024-6387)

  - An issue in the handling of URL protocols was addressed with improved logic. (CVE-2024-44205)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.6.8. It is, therefore, affected by multiple vulnerabilities:

  - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to     the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading     to a denial of service. (CVE-2023-52356)

  - An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a     remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
    (CVE-2023-6277)

  - When a protocol selection parameter option disables all protocols without adding any then the default set     of protocols would remain in the allowed set due to an error in the logic for removing protocols. The     below command would perform a request to curl.se with a plaintext protocol which has been explicitly     disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols     disables the entire set of available protocols, in itself a command with no practical use and therefore     unlikely to be encountered in real situations. The curl security team has thus assessed this to be low     severity bug. (CVE-2024-2004)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6,     macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another     user. (CVE-2024-23261)

  - libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to     use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the     verification and returns OK, thus ignoring any certificate problems. (CVE-2024-2379)

  - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers     for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting,     libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.
    Further, this error condition fails silently and is therefore not easily detected by an application.
    (CVE-2024-2398)

  - libcurl did not check the server certificate of TLS connections done to a host specified as an IP address,     when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified     hostname was given as an IP address, therefore completely skipping the certificate check. This affects all     uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). (CVE-2024-2466)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS     Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An     app may be able to execute arbitrary code with kernel privileges. (CVE-2024-27826)

  - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, macOS     Sonoma 14.6. Processing a maliciously crafted video file may lead to unexpected app termination.
    (CVE-2024-27873)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-     service or potentially disclose memory contents. (CVE-2024-27877)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access information     about a user's contacts. (CVE-2024-27881)

  - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file     system. (CVE-2024-27882, CVE-2024-27883)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma     14.6. An app may be able to bypass Privacy preferences. (CVE-2024-40774)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user     information. (CVE-2024-40775)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. (CVE-2024-40781,     CVE-2024-40802)

  - The issue was addressed with improved restriction of data container access. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious application may be able to bypass     Privacy preferences. (CVE-2024-40783)

  - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3,     macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
    (CVE-2024-40784)

  - This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS     17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view sensitive user     information. (CVE-2024-40786)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to bypass Internet permission requirements. (CVE-2024-40787)

  - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS     17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.
    (CVE-2024-40788)

  - This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS     16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma     14.6. An app may be able to access user-sensitive data. (CVE-2024-40793)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Private     browsing may leak some browsing history. (CVE-2024-40796)

  - This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS     Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able     to read Safari's browsing history. (CVE-2024-40798)

  - An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS     10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to     unexpected app termination. (CVE-2024-40799, CVE-2024-40806)

  - An input validation issue was addressed with improved input validation. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of     the file system. (CVE-2024-40800)

  - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.
    (CVE-2024-40803)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without     prompting the user. (CVE-2024-40807)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS     Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. (CVE-2024-40809,     CVE-2024-40812)

  - A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8,     iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious attacker with arbitrary     read and write capability may be able to bypass Pointer Authentication. (CVE-2024-40815)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to cause unexpected system     shutdown. (CVE-2024-40816)

  - The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to     UI spoofing. (CVE-2024-40817)

  - This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6.
    An attacker with physical access may be able to use Siri to access sensitive user data. (CVE-2024-40818)

  - An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct     sandbox restrictions. (CVE-2024-40821)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to access user-sensitive data. (CVE-2024-40823)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to overwrite arbitrary files. (CVE-2024-40827)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges. (CVE-2024-40828)

  - The issue was addressed with improved checks. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS     17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view restricted     content from the lock screen. (CVE-2024-40829)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and     iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data     with certain actions without prompting the user. (CVE-2024-40833)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive     Shortcuts app settings. (CVE-2024-40834)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to use sensitive data with certain actions without prompting the user.
    (CVE-2024-40835)

  - A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition     which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be     able to trigger it by failing to authenticate within a set time period. (CVE-2024-6387)

  - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 (inclusive) may allow arbitrary code     execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc     systems with ASLR. According to OpenSSH, the attack has been tested under lab conditions and requires on     average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on     64-bit systems is believed to be possible but has not been demonstrated at this time.  (CVE-2024-6387)

  - An issue in the handling of URL protocols was addressed with improved logic. (CVE-2024-44205)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.6. It is, therefore, affected by multiple vulnerabilities:

  - A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app     may bypass Gatekeeper checks. (CVE-2023-27952)

  - Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators     to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709)

  - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to     the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading     to a denial of service. (CVE-2023-52356)

  - An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a     remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
    (CVE-2023-6277)

  - When a protocol selection parameter option disables all protocols without adding any then the default set     of protocols would remain in the allowed set due to an error in the logic for removing protocols. The     below command would perform a request to curl.se with a plaintext protocol which has been explicitly     disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols     disables the entire set of available protocols, in itself a command with no practical use and therefore     unlikely to be encountered in real situations. The curl security team has thus assessed this to be low     severity bug. (CVE-2024-2004)

  - libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to     use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the     verification and returns OK, thus ignoring any certificate problems. (CVE-2024-2379)

  - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers     for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting,     libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.
    Further, this error condition fails silently and is therefore not easily detected by an application.
    (CVE-2024-2398)

  - libcurl did not check the server certificate of TLS connections done to a host specified as an IP address,     when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified     hostname was given as an IP address, therefore completely skipping the certificate check. This affects all     uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). (CVE-2024-2466)

  - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject     malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are     recommended to upgrade to version 2.4.59, which fixes this issue. (CVE-2024-24795)

  - HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an     informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
    (CVE-2024-27316)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6.
    Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled.
    (CVE-2024-27862)

  - An information disclosure issue was addressed with improved private data redaction for log entries. This     issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A     local attacker may be able to determine kernel memory layout. (CVE-2024-27863)

  - A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.6,     iOS 17.6 and iPadOS 17.6. An app may be able to access protected user data. (CVE-2024-27871)

  - This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6.
    An app may be able to access protected user data. (CVE-2024-27872)

  - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, macOS     Sonoma 14.6. Processing a maliciously crafted video file may lead to unexpected app termination.
    (CVE-2024-27873)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-     service or potentially disclose memory contents. (CVE-2024-27877)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma     14.6. An app with root privileges may be able to execute arbitrary code with kernel privileges.
    (CVE-2024-27878)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access information     about a user's contacts. (CVE-2024-27881)

  - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file     system. (CVE-2024-27882, CVE-2024-27883)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma     14.6. An app may be able to bypass Privacy preferences. (CVE-2024-40774)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user     information. (CVE-2024-40775)

  - A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9     and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS     Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
    (CVE-2024-40776, CVE-2024-40782)

  - An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6     and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously     crafted file may lead to unexpected app termination. (CVE-2024-40777)

  - An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma     14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. Photos in the Hidden Photos Album may be     viewed without authentication. (CVE-2024-40778)

  - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma     14.6. Processing maliciously crafted web content may lead to an unexpected process crash. (CVE-2024-40779,     CVE-2024-40780)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. (CVE-2024-40781,     CVE-2024-40802)

  - The issue was addressed with improved restriction of data container access. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious application may be able to bypass     Privacy preferences. (CVE-2024-40783)

  - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3,     macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
    (CVE-2024-40784)

  - This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari     17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing     maliciously crafted web content may lead to a cross site scripting attack. (CVE-2024-40785)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to bypass Internet permission requirements. (CVE-2024-40787)

  - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS     17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.
    (CVE-2024-40788)

  - An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3,     macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
    (CVE-2024-40789)

  - This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS     16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma     14.6. An app may be able to access user-sensitive data. (CVE-2024-40793)

  - This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS     17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.
    (CVE-2024-40794)

  - This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS Sonoma     14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to read sensitive location information.
    (CVE-2024-40795)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Private     browsing may leak some browsing history. (CVE-2024-40796)

  - This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS     Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able     to read Safari's browsing history. (CVE-2024-40798)

  - An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS     10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to     unexpected app termination. (CVE-2024-40799, CVE-2024-40806)

  - An input validation issue was addressed with improved input validation. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of     the file system. (CVE-2024-40800)

  - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.
    (CVE-2024-40803)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A malicious     application may be able to access private information. (CVE-2024-40804)

  - A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS     Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.
    (CVE-2024-40805)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without     prompting the user. (CVE-2024-40807)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS     Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. (CVE-2024-40809,     CVE-2024-40812)

  - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS     Sonoma 14.6. An app may be able to cause a coprocessor crash. (CVE-2024-40810)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able     to modify protected parts of the file system. (CVE-2024-40811)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Sonoma 14.6. An app may be able to bypass Privacy preferences. (CVE-2024-40814)

  - A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8,     iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious attacker with arbitrary     read and write capability may be able to bypass Pointer Authentication. (CVE-2024-40815)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to cause unexpected system     shutdown. (CVE-2024-40816)

  - The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to     UI spoofing. (CVE-2024-40817)

  - This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6.
    An attacker with physical access may be able to use Siri to access sensitive user data. (CVE-2024-40818)

  - An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct     sandbox restrictions. (CVE-2024-40821)

  - This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS     10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. An attacker with physical     access to a device may be able to access contacts from the lock screen. (CVE-2024-40822)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to access user-sensitive data. (CVE-2024-40823)

  - This issue was addressed through improved state management. This issue is fixed in watchOS 10.6, macOS     Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.
    (CVE-2024-40824)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to overwrite arbitrary files. (CVE-2024-40827)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges. (CVE-2024-40828)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able     to view a contact's phone number in system logs. (CVE-2024-40832)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and     iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data     with certain actions without prompting the user. (CVE-2024-40833)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive     Shortcuts app settings. (CVE-2024-40834)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to use sensitive data with certain actions without prompting the user.
    (CVE-2024-40835)

  - A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6,     iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. A shortcut may be able to use sensitive data with     certain actions without prompting the user. (CVE-2024-40836)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A person with     physical access to an unlocked Mac may be able to gain root code execution. (CVE-2024-44141)

  - The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6,     watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may     lead to an unexpected process crash. (CVE-2024-44185)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS     Sonoma 14.6. A sandboxed app may be able to access sensitive user data in system logs. (CVE-2024-44205)

  - An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS     17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be     able to bypass some web content restrictions. (CVE-2024-44206)

  - Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-4558)

  - A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition     which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be     able to trigger it by failing to authenticate within a set time period. (CVE-2024-6387)

  - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 (inclusive) may allow arbitrary code     execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc     systems with ASLR. According to OpenSSH, the attack has been tested under lab conditions and requires on     average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on     64-bit systems is believed to be possible but has not been demonstrated at this time.  (CVE-2024-6387)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

According to its self-reported version, the Tenable Security Center running on the remote host is 6.2.1, 6.3.0 or 6.4.0.
It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-13 advisory.

  - Security Center leverages third-party software to help provide underlying functionality. Several of the     third-party components (Apache, libcurl) were found to contain vulnerabilities, and updated versions have     been made available by the providers.Out of caution and in line with best practice, Tenable has opted to     upgrade these components to address the potential impact of the issues. Security Center Patch SC-202408.1     updates Apache to version 2.4.62 and libcurl to version 8.8.0 to address the identified vulnerabilities.
    Tenable has released Security Center Patch SC-202408.1 to address these issues. The installation files can     be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/security-center     (CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-36387, CVE-2024-38472,     CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573,     CVE-2024-39884, CVE-2024-40725, CVE-2024-40898, CVE-2024-6197, CVE-2024-6874)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.7.6. It is, therefore, affected by multiple vulnerabilities:

  - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to     the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading     to a denial of service. (CVE-2023-52356)

  - An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a     remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
    (CVE-2023-6277)

  - When a protocol selection parameter option disables all protocols without adding any then the default set     of protocols would remain in the allowed set due to an error in the logic for removing protocols. The     below command would perform a request to curl.se with a plaintext protocol which has been explicitly     disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols     disables the entire set of available protocols, in itself a command with no practical use and therefore     unlikely to be encountered in real situations. The curl security team has thus assessed this to be low     severity bug. (CVE-2024-2004)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6,     macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another     user. (CVE-2024-23261)

  - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and     iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel     memory protections. Apple is aware of a report that this issue may have been exploited. (CVE-2024-23296)

  - libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to     use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the     verification and returns OK, thus ignoring any certificate problems. (CVE-2024-2379)

  - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers     for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting,     libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.
    Further, this error condition fails silently and is therefore not easily detected by an application.
    (CVE-2024-2398)

  - libcurl did not check the server certificate of TLS connections done to a host specified as an IP address,     when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified     hostname was given as an IP address, therefore completely skipping the certificate check. This affects all     uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). (CVE-2024-2466)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS     Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An     app may be able to execute arbitrary code with kernel privileges. (CVE-2024-27826)

  - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, macOS     Sonoma 14.6. Processing a maliciously crafted video file may lead to unexpected app termination.
    (CVE-2024-27873)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-     service or potentially disclose memory contents. (CVE-2024-27877)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access information     about a user's contacts. (CVE-2024-27881)

  - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file     system. (CVE-2024-27882, CVE-2024-27883)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma     14.6. An app may be able to bypass Privacy preferences. (CVE-2024-40774)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user     information. (CVE-2024-40775)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. (CVE-2024-40781,     CVE-2024-40802)

  - The issue was addressed with improved restriction of data container access. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious application may be able to bypass     Privacy preferences. (CVE-2024-40783)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to bypass Internet permission requirements. (CVE-2024-40787)

  - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS     17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.
    (CVE-2024-40788)

  - This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS     16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma     14.6. An app may be able to access user-sensitive data. (CVE-2024-40793)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Private     browsing may leak some browsing history. (CVE-2024-40796)

  - This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS     Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able     to read Safari's browsing history. (CVE-2024-40798)

  - An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS     10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to     unexpected app termination. (CVE-2024-40799, CVE-2024-40806)

  - An input validation issue was addressed with improved input validation. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of     the file system. (CVE-2024-40800)

  - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.
    (CVE-2024-40803)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without     prompting the user. (CVE-2024-40807)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS     Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. (CVE-2024-40809,     CVE-2024-40812)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to cause unexpected system     shutdown. (CVE-2024-40816)

  - The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to     UI spoofing. (CVE-2024-40817)

  - An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct     sandbox restrictions. (CVE-2024-40821)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to access user-sensitive data. (CVE-2024-40823)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to overwrite arbitrary files. (CVE-2024-40827)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges. (CVE-2024-40828)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and     iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data     with certain actions without prompting the user. (CVE-2024-40833)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive     Shortcuts app settings. (CVE-2024-40834)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to use sensitive data with certain actions without prompting the user.
    (CVE-2024-40835)

  - A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition     which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be     able to trigger it by failing to authenticate within a set time period. (CVE-2024-6387)

  - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 (inclusive) may allow arbitrary code     execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc     systems with ASLR. According to OpenSSH, the attack has been tested under lab conditions and requires on     average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on     64-bit systems is believed to be possible but has not been demonstrated at this time.  (CVE-2024-6387)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.6.8. It is, therefore, affected by multiple vulnerabilities:

  - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to     the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading     to a denial of service. (CVE-2023-52356)

  - An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a     remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
    (CVE-2023-6277)

  - When a protocol selection parameter option disables all protocols without adding any then the default set     of protocols would remain in the allowed set due to an error in the logic for removing protocols. The     below command would perform a request to curl.se with a plaintext protocol which has been explicitly     disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols     disables the entire set of available protocols, in itself a command with no practical use and therefore     unlikely to be encountered in real situations. The curl security team has thus assessed this to be low     severity bug. (CVE-2024-2004)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6,     macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another     user. (CVE-2024-23261)

  - libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to     use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the     verification and returns OK, thus ignoring any certificate problems. (CVE-2024-2379)

  - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers     for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting,     libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.
    Further, this error condition fails silently and is therefore not easily detected by an application.
    (CVE-2024-2398)

  - libcurl did not check the server certificate of TLS connections done to a host specified as an IP address,     when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified     hostname was given as an IP address, therefore completely skipping the certificate check. This affects all     uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). (CVE-2024-2466)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS     Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An     app may be able to execute arbitrary code with kernel privileges. (CVE-2024-27826)

  - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, macOS     Sonoma 14.6. Processing a maliciously crafted video file may lead to unexpected app termination.
    (CVE-2024-27873)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-     service or potentially disclose memory contents. (CVE-2024-27877)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access information     about a user's contacts. (CVE-2024-27881)

  - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file     system. (CVE-2024-27882, CVE-2024-27883)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma     14.6. An app may be able to bypass Privacy preferences. (CVE-2024-40774)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user     information. (CVE-2024-40775)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. (CVE-2024-40781,     CVE-2024-40802)

  - The issue was addressed with improved restriction of data container access. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious application may be able to bypass     Privacy preferences. (CVE-2024-40783)

  - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3,     macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
    (CVE-2024-40784)

  - This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS     17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view sensitive user     information. (CVE-2024-40786)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to bypass Internet permission requirements. (CVE-2024-40787)

  - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS     17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.
    (CVE-2024-40788)

  - This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS     16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma     14.6. An app may be able to access user-sensitive data. (CVE-2024-40793)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Private     browsing may leak some browsing history. (CVE-2024-40796)

  - This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS     Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able     to read Safari's browsing history. (CVE-2024-40798)

  - An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS     10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to     unexpected app termination. (CVE-2024-40799, CVE-2024-40806)

  - An input validation issue was addressed with improved input validation. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of     the file system. (CVE-2024-40800)

  - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.
    (CVE-2024-40803)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without     prompting the user. (CVE-2024-40807)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS     Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. (CVE-2024-40809,     CVE-2024-40812)

  - A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8,     iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious attacker with arbitrary     read and write capability may be able to bypass Pointer Authentication. (CVE-2024-40815)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to cause unexpected system     shutdown. (CVE-2024-40816)

  - The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to     UI spoofing. (CVE-2024-40817)

  - This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6.
    An attacker with physical access may be able to use Siri to access sensitive user data. (CVE-2024-40818)

  - An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct     sandbox restrictions. (CVE-2024-40821)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to access user-sensitive data. (CVE-2024-40823)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to overwrite arbitrary files. (CVE-2024-40827)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges. (CVE-2024-40828)

  - The issue was addressed with improved checks. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS     17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view restricted     content from the lock screen. (CVE-2024-40829)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and     iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data     with certain actions without prompting the user. (CVE-2024-40833)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive     Shortcuts app settings. (CVE-2024-40834)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to use sensitive data with certain actions without prompting the user.
    (CVE-2024-40835)

  - A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition     which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be     able to trigger it by failing to authenticate within a set time period. (CVE-2024-6387)

  - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 (inclusive) may allow arbitrary code     execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc     systems with ASLR. According to OpenSSH, the attack has been tested under lab conditions and requires on     average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on     64-bit systems is believed to be possible but has not been demonstrated at this time.  (CVE-2024-6387)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.6. It is, therefore, affected by multiple vulnerabilities:

  - A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app     may bypass Gatekeeper checks. (CVE-2023-27952)

  - Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators     to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709)

  - A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to     the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading     to a denial of service. (CVE-2023-52356)

  - An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a     remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
    (CVE-2023-6277)

  - When a protocol selection parameter option disables all protocols without adding any then the default set     of protocols would remain in the allowed set due to an error in the logic for removing protocols. The     below command would perform a request to curl.se with a plaintext protocol which has been explicitly     disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols     disables the entire set of available protocols, in itself a command with no practical use and therefore     unlikely to be encountered in real situations. The curl security team has thus assessed this to be low     severity bug. (CVE-2024-2004)

  - libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to     use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the     verification and returns OK, thus ignoring any certificate problems. (CVE-2024-2379)

  - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers     for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting,     libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.
    Further, this error condition fails silently and is therefore not easily detected by an application.
    (CVE-2024-2398)

  - libcurl did not check the server certificate of TLS connections done to a host specified as an IP address,     when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified     hostname was given as an IP address, therefore completely skipping the certificate check. This affects all     uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). (CVE-2024-2466)

  - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject     malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are     recommended to upgrade to version 2.4.59, which fixes this issue. (CVE-2024-24795)

  - HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an     informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
    (CVE-2024-27316)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6.
    Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled.
    (CVE-2024-27862)

  - An information disclosure issue was addressed with improved private data redaction for log entries. This     issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A     local attacker may be able to determine kernel memory layout. (CVE-2024-27863)

  - A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.6,     iOS 17.6 and iPadOS 17.6. An app may be able to access protected user data. (CVE-2024-27871)

  - This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6.
    An app may be able to access protected user data. (CVE-2024-27872)

  - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, macOS     Sonoma 14.6. Processing a maliciously crafted video file may lead to unexpected app termination.
    (CVE-2024-27873)

  - The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-     service or potentially disclose memory contents. (CVE-2024-27877)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma     14.6. An app with root privileges may be able to execute arbitrary code with kernel privileges.
    (CVE-2024-27878)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access information     about a user's contacts. (CVE-2024-27881)

  - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file     system. (CVE-2024-27882, CVE-2024-27883)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma     14.6. An app may be able to bypass Privacy preferences. (CVE-2024-40774)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to leak sensitive user     information. (CVE-2024-40775)

  - A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9     and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS     Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
    (CVE-2024-40776, CVE-2024-40782)

  - An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6     and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously     crafted file may lead to unexpected app termination. (CVE-2024-40777)

  - An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma     14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. Photos in the Hidden Photos Album may be     viewed without authentication. (CVE-2024-40778)

  - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma     14.6. Processing maliciously crafted web content may lead to an unexpected process crash. (CVE-2024-40779,     CVE-2024-40780)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. (CVE-2024-40781,     CVE-2024-40802)

  - The issue was addressed with improved restriction of data container access. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious application may be able to bypass     Privacy preferences. (CVE-2024-40783)

  - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3,     macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
    (CVE-2024-40784)

  - This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari     17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing     maliciously crafted web content may lead to a cross site scripting attack. (CVE-2024-40785)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to bypass Internet permission requirements. (CVE-2024-40787)

  - A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and     iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS     17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown.
    (CVE-2024-40788)

  - An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3,     macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
    (CVE-2024-40789)

  - This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS     16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma     14.6. An app may be able to access user-sensitive data. (CVE-2024-40793)

  - This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS     17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication.
    (CVE-2024-40794)

  - This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS Sonoma     14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to read sensitive location information.
    (CVE-2024-40795)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Private     browsing may leak some browsing history. (CVE-2024-40796)

  - This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS     Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able     to read Safari's browsing history. (CVE-2024-40798)

  - An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS     10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to     unexpected app termination. (CVE-2024-40799, CVE-2024-40806)

  - An input validation issue was addressed with improved input validation. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of     the file system. (CVE-2024-40800)

  - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS     Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause unexpected app termination.
    (CVE-2024-40803)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A malicious     application may be able to access private information. (CVE-2024-40804)

  - A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS     Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.
    (CVE-2024-40805)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without     prompting the user. (CVE-2024-40807)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS     Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. (CVE-2024-40809,     CVE-2024-40812)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able     to modify protected parts of the file system. (CVE-2024-40811)

  - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS     Sonoma 14.6. An app may be able to bypass Privacy preferences. (CVE-2024-40814)

  - A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8,     iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious attacker with arbitrary     read and write capability may be able to bypass Pointer Authentication. (CVE-2024-40815)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to cause unexpected system     shutdown. (CVE-2024-40816)

  - The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6,     macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to     UI spoofing. (CVE-2024-40817)

  - This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS     16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6.
    An attacker with physical access may be able to use Siri to access sensitive user data. (CVE-2024-40818)

  - An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma     14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Third party app extensions may not receive the correct     sandbox restrictions. (CVE-2024-40821)

  - This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS     10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. An attacker with physical     access to a device may be able to access contacts from the lock screen. (CVE-2024-40822)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to access user-sensitive data. (CVE-2024-40823)

  - This issue was addressed through improved state management. This issue is fixed in watchOS 10.6, macOS     Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.
    (CVE-2024-40824)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. An app may be able to overwrite arbitrary files. (CVE-2024-40827)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey     12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges. (CVE-2024-40828)

  - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able     to view a contact's phone number in system logs. (CVE-2024-40832)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and     iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data     with certain actions without prompting the user. (CVE-2024-40833)

  - This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS     Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive     Shortcuts app settings. (CVE-2024-40834)

  - A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9,     macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A     shortcut may be able to use sensitive data with certain actions without prompting the user.
    (CVE-2024-40835)

  - A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6,     iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. A shortcut may be able to use sensitive data with     certain actions without prompting the user. (CVE-2024-40836)

  - Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-4558)

  - A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition     which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be     able to trigger it by failing to authenticate within a set time period. (CVE-2024-6387)

  - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 (inclusive) may allow arbitrary code     execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc     systems with ASLR. According to OpenSSH, the attack has been tested under lab conditions and requires on     average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on     64-bit systems is believed to be possible but has not been demonstrated at this time.  (CVE-2024-6387)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2693 advisory.

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This     software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under     Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update     experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 4 serves as a     replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3, and includes bug     fixes and enhancements, which are documented in the Release Notes linked to in the References section.

    Security Fix(es):

    * curl: Usage of disabled protocol (CVE-2024-2004)
    * curl: QUIC certificate check bypass with wolfSSL (CVE-2024-2379)
    * curl: HTTP/2 push headers memory-leak (CVE-2024-2398)
    * curl: TLS certificate check bypass with mbedTLS (CVE-2024-2466)
    * jbcs-httpd24-httpd: httpd: CONTINUATION frames DoS (CVE-2024-27316)
    * jbcs-httpd24-mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316)
    * jbcs-httpd24-nghttp2: httpd: CONTINUATION frames DoS (CVE-2024-27316)
    * jbcs-httpd24-nghttp2: nghttp2: CONTINUATION frames DoS (CVE-2024-28182)

    A Red Hat Security Bulletin which addresses further details about this flaw is available in the References     section.

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Curl installed on the remote host is between 8.6.0 and prior to 8.7.0. It is, therefore, affected by a certificate check bypass vulnerability. libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of curl installed on the remote host is prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-087-01 advisory.

  - When a protocol selection parameter option disables all protocols without adding any then the default set     of protocols would remain in the allowed set due to an error in the logic for removing protocols. The     below command would perform a request to curl.se with a plaintext protocol which has been explicitly     disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols     disables the entire set of available protocols, in itself a command with no practical use and therefore     unlikely to be encountered in real situations. The curl security team has thus assessed this to be low     severity bug. (CVE-2024-2004)

  - libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to     use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the     verification and returns OK, thus ignoring any certificate problems. (CVE-2024-2379)

  - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers     for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting,     libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.
    Further, this error condition fails silently and is therefore not easily detected by an application.
    (CVE-2024-2398)

  - libcurl did not check the server certificate of TLS connections done to a host specified as an IP address,     when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified     hostname was given as an IP address, therefore completely skipping the certificate check. This affects all     uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). (CVE-2024-2466)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
209386	macOS 12.x < 12.7.6 Multiple Vulnerabilities (120910)	Nessus	MacOS X Local Security Checks	high
207227	macOS 13.x < 13.6.8 Multiple Vulnerabilities (120912)	Nessus	MacOS X Local Security Checks	high
207226	macOS 14.x < 14.6 Multiple Vulnerabilities (120911)	Nessus	MacOS X Local Security Checks	high
205527	Tenable Security Center Multiple Vulnerabilities (TNS-2024-13)	Nessus	Misc.	critical
204840	macOS 12.x < 12.7.6 Multiple Vulnerabilities (HT214118)	Nessus	MacOS X Local Security Checks	high
204839	macOS 13.x < 13.6.8 Multiple Vulnerabilities (HT214120)	Nessus	MacOS X Local Security Checks	high
204837	macOS 14.x < 14.6 Multiple Vulnerabilities (HT214119)	Nessus	MacOS X Local Security Checks	high
195128	RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP4 (RHSA-2024:2693)	Nessus	Red Hat Local Security Checks	high
192705	Curl 8.6.0 < 8.7.0 QUIC Certificate Check Bypass (CVE-2024-2379)	Nessus	Misc.	medium
192632	Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2024-087-01)	Nessus	Slackware Local Security Checks	high

Detections

Analytics

CVE-2024-2379

medium

Tenable Plugins

high

high

high

critical

high

high

high

high

medium

high