Detections
Analytics

macOS 10.15.x < 10.15.1 / 10.14.x < 10.14.6 Security Update 2019-001 / 10.13.x < 10.13.6 Security Update 2019-006

critical Nessus Plugin ID 130967

Language:

Synopsis

The remote host is missing a macOS or Mac OS X security update that fixes multiple vulnerabilities.

Description

The remote host is running a version of macOS or Mac OS X that is 10.15.x prior to 10.15.1, 10.14.x prior to 10.14.6 security update 2019-001, 10.13.x prior to 10.13.6 security update 2019-006. It is, therefore, affected by multiple vulnerabilities :

 - An out-of-bounds read error exists in the accounts component due to improper input validation. A remote attacker can exploit this, to disclose memory contents. (CVE-2019-8787)

 - A security bypass vulnerability exists in the App Store component due to an improper state management implementation. A local attacker can exploit this, to login to the account of a previously logged in user without valid credentials. (CVE-2019-8803)

 - An out-of-bounds read error exists in the IOGraphics component due to improper bounds checking. A local attacker can exploit this, to cause unexpected system termination or to read kernel memory. (CVE-2019-8759)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 10.15.1 / 10.14.6 security update 2019-001 / 10.13.6 security update 2019-006 or later

See Also

http://www.nessus.org/u?39d6c45e

Plugin Details

Severity: Critical

ID: 130967

File Name: macos_HT210722.nasl

Version: 1.10

Type: combined

Agent: macosx

Published: 11/13/2019

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-8716

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2019-8767

Vulnerability Information

CPE: cpe:/o:apple:macos:10.14, cpe:/o:apple:macos:10.15, cpe:/o:apple:mac_os_x:10.14, cpe:/o:apple:mac_os_x:10.13, cpe:/o:apple:macos:10.13, cpe:/o:apple:mac_os_x:10.15

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/29/2019

Vulnerability Publication Date: 10/29/2019

Reference Information

CVE: CVE-2017-7152, CVE-2018-12152, CVE-2018-12153, CVE-2018-12154, CVE-2019-11041, CVE-2019-11042, CVE-2019-15126, CVE-2019-8509, CVE-2019-8592, CVE-2019-8705, CVE-2019-8706, CVE-2019-8708, CVE-2019-8709, CVE-2019-8715, CVE-2019-8716, CVE-2019-8717, CVE-2019-8736, CVE-2019-8737, CVE-2019-8744, CVE-2019-8745, CVE-2019-8746, CVE-2019-8748, CVE-2019-8749, CVE-2019-8750, CVE-2019-8754, CVE-2019-8756, CVE-2019-8759, CVE-2019-8761, CVE-2019-8767, CVE-2019-8772, CVE-2019-8784, CVE-2019-8785, CVE-2019-8786, CVE-2019-8787, CVE-2019-8788, CVE-2019-8789, CVE-2019-8794, CVE-2019-8797, CVE-2019-8798, CVE-2019-8801, CVE-2019-8802, CVE-2019-8803, CVE-2019-8805, CVE-2019-8807, CVE-2019-8817, CVE-2019-8824, CVE-2019-8825, CVE-2019-8829, CVE-2019-8831, CVE-2019-8850, CVE-2019-8858

BID: 103136, 105582

APPLE-SA: APPLE-SA-2019-10-29, HT210722