macOS 10.14.x < 10.14.6 Security Update 2021-002 / 10.15.x < 10.15.7 Supplemental Update / macOS 11.x < 11.2.1 (HT212177)

Severity: High. Nessus Plugin ID 146427

Synopsis

The remote host is missing a macOS security update.

Description

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2021-002 Mojave, 10.15.x prior to 10.15.7 Supplemental Update Catalina, or 11.x prior to 11.2.1 Big Sur. It is, therefore, affected by multiple vulnerabilities, including the following:

- An out-of-bounds write vulnerability caused by insufficient input validation that allows an application to execute arbitrary code with kernel privileges. (CVE-2021-1805)

- A race condition due to insufficient validation that allows an application to execute arbitrary code with kernel privileges. (CVE-2021-1806)

- A local privilege elevation vulnerability in sudo caused by a heap-based buffer overflow. (CVE-2021-3156)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 10.14.6 Security Update 2021-002 / 10.15.7 Supplemental Update / macOS 11.2.1 or later.

See Also

https://support.apple.com/en-us/HT212177

Plugin Details

Severity: High

ID: 146427

File Name: macos_HT212177.nasl

Version: 1.13

Type: local

Agent: macosx

Published: 2/11/2021

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-1805

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2021-3156

Vulnerability Information

CPE: cpe:/o:apple:macos:10.14, cpe:/o:apple:macos:11.0, cpe:/o:apple:macos:10.15, cpe:/o:apple:mac_os_x:11.0, cpe:/o:apple:mac_os_x:10.14, cpe:/o:apple:mac_os_x:10.15

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/9/2021

Vulnerability Publication Date: 2/9/2021

CISA Known Exploited Vulnerability Due Dates: 4/27/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Sudo Heap-Based Buffer Overflow)

Reference Information

CVE: CVE-2021-1805, CVE-2021-1806, CVE-2021-3156

APPLE-SA: APPLE-SA-2021-02-09-1, HT212177

IAVA: 2021-A-0085-S