Detections
Analytics

macOS < 10.14 Multiple Vulnerabilities

critical Nessus Plugin ID 118178

Language:

Synopsis

The remote host is missing a macOS update that fixes multiple security vulnerabilities.

Description

The remote host is running a version of Mac OS X that is prior to 10.13.6 or is not macOS 10.14. It is, therefore, affected by multiple vulnerabilities in the following components :

 - afpserver
 - AppleGraphicsControl
 - Application Firewall
 - App Store
 - APR
 - ATS
 - Auto Unlock
 - Bluetooth
 - CFNetwork
 - CoreFoundation
 - CoreText
 - Crash Reporter
 - CUPS
 - Dictionary
 - Grand Central Dispatch
 - Heimdal
 - Hypervisor
 - iBooks
 - Intel Graphics Driver
 - IOHIDFamily
 - IOKit
 - IOUserEthernet
 - Kernel
 - LibreSSL
 - Login Window
 - mDNSOffloadUserClient
 - MediaRemote
 - Microcode
 - Security
 - Spotlight
 - Symptom Framework
 - Text
 - Wi-Fi

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Solution

Upgrade to macOS version 10.14 or later.

See Also

https://support.apple.com/en-us/HT209139

http://www.nessus.org/u?27448e16

Plugin Details

Severity: Critical

ID: 118178

File Name: macos_10_14.nasl

Version: 1.7

Type: combined

Agent: macosx

Published: 10/18/2018

Updated: 4/25/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-4332

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2018-4310

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x, cpe:/o:apple:macos

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/24/2018

Vulnerability Publication Date: 9/24/2018

CISA Known Exploited Vulnerability Due Dates: 7/18/2022

Reference Information

CVE: CVE-2015-3194, CVE-2015-5333, CVE-2015-5334, CVE-2016-0702, CVE-2016-1777, CVE-2017-12613, CVE-2017-12618, CVE-2018-3639, CVE-2018-3646, CVE-2018-4126, CVE-2018-4153, CVE-2018-4203, CVE-2018-4295, CVE-2018-4304, CVE-2018-4308, CVE-2018-4310, CVE-2018-4321, CVE-2018-4324, CVE-2018-4326, CVE-2018-4331, CVE-2018-4332, CVE-2018-4333, CVE-2018-4334, CVE-2018-4336, CVE-2018-4337, CVE-2018-4338, CVE-2018-4340, CVE-2018-4341, CVE-2018-4343, CVE-2018-4344, CVE-2018-4346, CVE-2018-4347, CVE-2018-4348, CVE-2018-4350, CVE-2018-4351, CVE-2018-4353, CVE-2018-4354, CVE-2018-4355, CVE-2018-4383, CVE-2018-4393, CVE-2018-4395, CVE-2018-4396, CVE-2018-4399, CVE-2018-4401, CVE-2018-4406, CVE-2018-4407, CVE-2018-4408, CVE-2018-4411, CVE-2018-4412, CVE-2018-4414, CVE-2018-4417, CVE-2018-4418, CVE-2018-4425, CVE-2018-4426, CVE-2018-5383

BID: 85054, 104879

APPLE-SA: APPLE-SA-2018-09-24-1