97140

1038138

https://support.apple.com/HT207615

The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

  - apache
  - apache_mod_php
  - AppleGraphicsPowerManagement
  - AppleRAID
  - Audio
  - Bluetooth
  - Carbon
  - CoreGraphics
  - CoreMedia
  - CoreText
  - curl
  - EFI
  - FinderKit
  - FontParser
  - HTTPProtocol
  - Hypervisor
  - iBooks
  - ImageIO
  - Intel Graphics Driver
  - IOATAFamily
  - IOFireWireAVC
  - IOFireWireFamily
  - Kernel
  - Keyboards
  - libarchive
  - libc++abi
  - LibreSSL
  - MCX Client
  - Menus
  - Multi-Touch
  - OpenSSH
  - OpenSSL
  - Printing
  - python
  - QuickTime
  - Security
  - SecurityFoundation
  - sudo
  - System Integrity Protection
  - tcpdump
  - tiffutil
  - WebKit

The remote host is running a version of Mac OS X version 10.x prior to 10.12.4 , and is affected by multiple vulnerabilities :

 - A format string flaw exists that is triggered as string format specifiers (e.g. %s and %x) are not properly used when handling IPP(S) links. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2403)
 - A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API call. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)
 - A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430)
 - A use-after-free flaw exists in 'libc++' that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2441)
 - A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448)
 - An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. (CVE-2017-2462)
 - An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context dependent-attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2485)

Additional flaws exist in the following components :

 - AppleGraphicsPowerManagement (CVE-2017-2421)
 - AppleRAID (CVE-2017-2438)
 - Bluetooth (CVE-2017-2420, CVE-2017-2427, CVE-2017-2449)
 - Carbon (CVE-2017-2379)
 - CoreGraphics (CVE-2017-2417)
 - CoreMedia (2017-2431)
 - CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461)
 - EFI (CVE-2016-7585)
 - Finderkit (CVE-2017-2429)
 - FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487)
 - Hypervisor (CVE-2017-2418)
 - iBooks (CVE-2017-2426)
 - IOATAFamily (CVE-2017-2408)
 - IOFireWireAVC (CVE-2017-2436, CVE-2017-2437)
 - IOFireWireFamily (CVE-2017-2388)
 - ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467)
 - Intel Graphics (CVE-2017-2443)
 - Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2410, 2017-2440, 2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2489, CVE-2017-2490)
 - Keyboards (CVE-2017-2458)
 - libarchive (CVE-2017-2390)
 - libxslt (CVE-2017-2477)
 - MCX (CVE-2017-2402)
 - Menus (CVE-2017-2409)
 - Multi-touch (CVE-2017-2422)
 - nghttp2 (CVE-2017-2428)
 - QuickTime (2017-2413)
 - Security (2017-2451, 2017-6974)
 - SecurityFoundation (CVE-2017-2425)
 - sudo (CVE-2017-2381)
 - WebKit (CVE-2017-2392, CVE-2017-2457, CVE-2017-2486)

ID	Name	Product	Family	Severity
99134	macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)	Nessus	MacOS X Local Security Checks	critical
700032	Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical

CVE-2016-7585

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical