macOS 10.14.x < 10.14.6 Mojave Security Update 2021-005 (HT212603)

critical Nessus Plugin ID 152039

Synopsis

The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple vulnerabilities

Description

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to Mojave Security Update 2021-005 Mojave. It is, therefore, affected by multiple vulnerabilities including the following:

- A double free issue could be exploited which could lead to arbitrary code execution with kernel privileges. This issue was addressed with improved memory management. (CVE-2021-30703)

- An issue could be exploited by tricking a user into opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. This issue was addressed by removing the vulnerable code. (CVE-2021-30790)

- An input validation issue could be exploited which could lead to arbitrary code execution with kernel privileges. This issue was addressed with input validation. (CVE-2021-30805)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 10.14.x < Mojave Security Update 2021-005 Mojave or later

See Also

https://support.apple.com/en-us/HT212603

Plugin Details

Severity: Critical

ID: 152039

File Name: macos_HT212603.nasl

Version: 1.7

Type: local

Agent: macosx

Published: 7/23/2021

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-30805

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:macos:10.14, cpe:/o:apple:mac_os_x:10.14

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/21/2021

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2021-30672, CVE-2021-30677, CVE-2021-30703, CVE-2021-30733, CVE-2021-30759, CVE-2021-30760, CVE-2021-30765, CVE-2021-30766, CVE-2021-30777, CVE-2021-30780, CVE-2021-30781, CVE-2021-30782, CVE-2021-30783, CVE-2021-30787, CVE-2021-30788, CVE-2021-30790, CVE-2021-30793, CVE-2021-30796, CVE-2021-30799, CVE-2021-30805

APPLE-SA: APPLE-SA-2021-07-21-4, HT212603

IAVA: 2021-A-0349-S