97303

https://support.apple.com/HT207615

The remote host is running a version of Mac OS X version 10.x prior to 10.12.4 , and is affected by multiple vulnerabilities :

 - A format string flaw exists that is triggered as string format specifiers (e.g. %s and %x) are not properly used when handling IPP(S) links. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2403)
 - A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API call. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)
 - A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430)
 - A use-after-free flaw exists in 'libc++' that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2441)
 - A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448)
 - An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. (CVE-2017-2462)
 - An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context dependent-attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2485)

Additional flaws exist in the following components :

 - AppleGraphicsPowerManagement (CVE-2017-2421)
 - AppleRAID (CVE-2017-2438)
 - Bluetooth (CVE-2017-2420, CVE-2017-2427, CVE-2017-2449)
 - Carbon (CVE-2017-2379)
 - CoreGraphics (CVE-2017-2417)
 - CoreMedia (2017-2431)
 - CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461)
 - EFI (CVE-2016-7585)
 - Finderkit (CVE-2017-2429)
 - FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487)
 - Hypervisor (CVE-2017-2418)
 - iBooks (CVE-2017-2426)
 - IOATAFamily (CVE-2017-2408)
 - IOFireWireAVC (CVE-2017-2436, CVE-2017-2437)
 - IOFireWireFamily (CVE-2017-2388)
 - ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467)
 - Intel Graphics (CVE-2017-2443)
 - Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2410, 2017-2440, 2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2489, CVE-2017-2490)
 - Keyboards (CVE-2017-2458)
 - libarchive (CVE-2017-2390)
 - libxslt (CVE-2017-2477)
 - MCX (CVE-2017-2402)
 - Menus (CVE-2017-2409)
 - Multi-touch (CVE-2017-2422)
 - nghttp2 (CVE-2017-2428)
 - QuickTime (2017-2413)
 - Security (2017-2451, 2017-6974)
 - SecurityFoundation (CVE-2017-2425)
 - sudo (CVE-2017-2381)
 - WebKit (CVE-2017-2392, CVE-2017-2457, CVE-2017-2486)

The remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the     LibreSSL component due to a flaw in the ECDSA     implementation that is triggered when not properly     setting a flag in ECDSA signing nonces to indicate that     only constant-time code paths should be followed. An     unauthenticated, remote attacker can exploit this to     conduct side-channel cache-timing attacks, allowing the     attacker to recover the  modular inversion state     sequences and the ECDSA private keys. Note that this     vulnerability does not affect Mac OS X 10.10.5.
    (CVE-2016-7056)

  - An integer overflow condition exists in the ImageIO     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this, by convincing a user to open a specially crafted     JPEG file, to cause a denial of service condition or the     execution of arbitrary code. (CVE-2017-2432)

  - Multiple memory corruption issues exist in the libxslt     component that allow an unauthenticated, remote attacker     to cause a denial of service condition or the execution     of arbitrary code. (CVE-2017-2477)

  - An integer overflow condition exists in the libxslt     component in the xsltAddTextString() function in     transform.c. An unauthenticated, remote attacker can     exploit this, by convincing a user to open a specially     crafted file, to cause an out-of-bounds write,     potentially allowing the execution of arbitrary code.
    (CVE-2017-5029)

The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

  - apache
  - apache_mod_php
  - AppleGraphicsPowerManagement
  - AppleRAID
  - Audio
  - Bluetooth
  - Carbon
  - CoreGraphics
  - CoreMedia
  - CoreText
  - curl
  - EFI
  - FinderKit
  - FontParser
  - HTTPProtocol
  - Hypervisor
  - iBooks
  - ImageIO
  - Intel Graphics Driver
  - IOATAFamily
  - IOFireWireAVC
  - IOFireWireFamily
  - Kernel
  - Keyboards
  - libarchive
  - libc++abi
  - LibreSSL
  - MCX Client
  - Menus
  - Multi-Touch
  - OpenSSH
  - OpenSSL
  - Printing
  - python
  - QuickTime
  - Security
  - SecurityFoundation
  - sudo
  - System Integrity Protection
  - tcpdump
  - tiffutil
  - WebKit

ID	Name	Product	Family	Severity
700032	Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
99135	Mac OS X Multiple Vulnerabilities (Security Update 2017-001	Nessus	MacOS X Local Security Checks	high
99134	macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)	Nessus	MacOS X Local Security Checks	critical

CVE-2017-2477

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins