Detections
Analytics

macOS 15.x < 15.0 Multiple Vulnerabilities (121238)

critical Nessus Plugin ID 213517

Language:

Synopsis

The remote host is missing a macOS update that fixes multiple vulnerabilities

Description

The remote host is running a version of macOS / Mac OS X that is 15.x prior to the full release of 15.0. It is, therefore, affected by multiple vulnerabilities:

 - This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox. (CVE-2024-44148)

 - Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. (CVE-2023-4504)

 - Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library. (CVE-2023-5841)

 - The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service. (CVE-2024-23237)

 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet. (CVE-2024-27795)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to the full release of macOS 15.0 or later.

See Also

https://support.apple.com/en-us/121238

Plugin Details

Severity: Critical

ID: 213517

File Name: macos_121238.nasl

Version: 1.1

Type: local

Agent: macosx

Published: 1/7/2025

Updated: 1/7/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-44148

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:macos:15.0, cpe:/o:apple:mac_os_x:15.0

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/28/2024

Vulnerability Publication Date: 9/20/2023

Reference Information

CVE: CVE-2023-4504, CVE-2023-5841, CVE-2024-23237, CVE-2024-27795, CVE-2024-27849, CVE-2024-27858, CVE-2024-27860, CVE-2024-27861, CVE-2024-27869, CVE-2024-27875, CVE-2024-27876, CVE-2024-27880, CVE-2024-39894, CVE-2024-40770, CVE-2024-40791, CVE-2024-40792, CVE-2024-40797, CVE-2024-40801, CVE-2024-40825, CVE-2024-40826, CVE-2024-40831, CVE-2024-40837, CVE-2024-40838, CVE-2024-40841, CVE-2024-40842, CVE-2024-40843, CVE-2024-40844, CVE-2024-40845, CVE-2024-40846, CVE-2024-40847, CVE-2024-40848, CVE-2024-40850, CVE-2024-40855, CVE-2024-40856, CVE-2024-40857, CVE-2024-40859, CVE-2024-40860, CVE-2024-40861, CVE-2024-40866, CVE-2024-41957, CVE-2024-44122, CVE-2024-44123, CVE-2024-44125, CVE-2024-44126, CVE-2024-44128, CVE-2024-44129, CVE-2024-44130, CVE-2024-44131, CVE-2024-44132, CVE-2024-44133, CVE-2024-44134, CVE-2024-44135, CVE-2024-44137, CVE-2024-44144, CVE-2024-44145, CVE-2024-44146, CVE-2024-44148, CVE-2024-44149, CVE-2024-44151, CVE-2024-44152, CVE-2024-44153, CVE-2024-44154, CVE-2024-44155, CVE-2024-44158, CVE-2024-44160, CVE-2024-44161, CVE-2024-44163, CVE-2024-44164, CVE-2024-44165, CVE-2024-44166, CVE-2024-44167, CVE-2024-44168, CVE-2024-44169, CVE-2024-44170, CVE-2024-44174, CVE-2024-44175, CVE-2024-44176, CVE-2024-44177, CVE-2024-44178, CVE-2024-44181, CVE-2024-44182, CVE-2024-44183, CVE-2024-44184, CVE-2024-44186, CVE-2024-44187, CVE-2024-44188, CVE-2024-44189, CVE-2024-44190, CVE-2024-44191, CVE-2024-44198, CVE-2024-44203, CVE-2024-44208

APPLE-SA: 121238