macOS 10.15.x < Catalina Security Update 2021-004 Catalina (HT212600)

critical Nessus Plugin ID 152036

Synopsis

The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.7 Security Update 2021-004 Catalina. It is, therefore, affected by multiple vulnerabilities, including the following:

- An application may be able to execute arbitrary code with kernel privileges (CVE-2021-30805)

- Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution (CVE-2021-30790)

- A malicious application may be able to gain root privileges (CVE-2021-30672)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Description

The remote host is running a version of macOS / Mac OS X that is 0.0.x prior to Catalina Security Update 2021-004 Catalina. It is, therefore, affected by multiple vulnerabilities : Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 10.15.x < Catalina Security Update 2021-004 Catalina or later

See Also

https://support.apple.com/en-us/HT212600

Plugin Details

Severity: Critical

ID: 152036

File Name: macos_HT212600.nasl

Version: 1.6

Type: local

Agent: macosx

Published: 7/23/2021

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-30805

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:macos:10.15, cpe:/o:apple:mac_os_x:10.15

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/21/2021

Vulnerability Publication Date: 5/27/2021

Reference Information

CVE: CVE-2021-30672, CVE-2021-30677, CVE-2021-30703, CVE-2021-30731, CVE-2021-30733, CVE-2021-30759, CVE-2021-30760, CVE-2021-30765, CVE-2021-30766, CVE-2021-30768, CVE-2021-30775, CVE-2021-30776, CVE-2021-30777, CVE-2021-30780, CVE-2021-30781, CVE-2021-30782, CVE-2021-30783, CVE-2021-30785, CVE-2021-30787, CVE-2021-30788, CVE-2021-30789, CVE-2021-30790, CVE-2021-30793, CVE-2021-30796, CVE-2021-30799, CVE-2021-30805

APPLE-SA: APPLE-SA-2021-07-21, HT212600

IAVA: 2021-A-0349-S