Mac OS X Multiple Vulnerabilities (Security Update 2017-002)

high Nessus Plugin ID 100271

Synopsis

The remote host is missing a Mac OS X update that fixes multiple security vulnerabilities.

Description

The remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is, therefore, affected by multiple vulnerabilities:

- A memory corruption issue exists in the Sandbox component that allows an unauthenticated, remote attacker to escape an application sandbox. (CVE-2017-2512)

- An information disclosure vulnerability exists in the Kernel component due to improper sanitization of user-supplied input. A local attacker can exploit this to read the contents of restricted memory. (CVE-2017-2516)

- An unspecified memory corruption issue exists in the TextInput component when parsing specially crafted data. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2524)

- A flaw exists in the CoreAnimation component when handling specially crafted data. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2527)

- A race condition exists in the DiskArbitration feature that allows a local attacker to gain system-level privileges. (CVE-2017-2533)

- A resource exhaustion issue exists in the Security component due to improper validation of user-supplied input. A local attacker can exploit this to exhaust resources and escape an application sandbox. (CVE-2017-2535)

- Multiple memory corruption issues exist in the WindowServer component that allow a local attacker to execute arbitrary code with system-level privileges. (CVE-2017-2537, CVE-2017-2548)

- An information disclosure vulnerability exists in the WindowServer component in the _XGetConnectionPSN() function due to improper validation of user-supplied input. A local attacker can exploit this to read the contents of restricted memory. (CVE-2017-2540)

- A stack-based buffer overflow condition exists in the WindowServer component in the _XGetWindowMovementGroup() function due to improper validation of user-supplied input. A local attacker can exploit this to execute arbitrary code with the privileges of WindowServer. (CVE-2017-2541)

- A memory corruption issue exists in the Kernel component that allows a local attacker to gain kernel-level privileges. (CVE-2017-2546)

- A race condition exists in the IOSurface component that allows a local attacker to execute arbitrary code with kernel-level privileges. (CVE-2017-6979)

- An information disclosure vulnerability exists in the HFS component due to improper sanitization of user-supplied input. A local attacker can exploit this to read the contents of restricted memory. (CVE-2017-6990)

Solution

Install Security Update 2017-002 or later.

See Also

https://support.apple.com/en-us/HT207797

http://seclists.org/fulldisclosure/2017/May/47

Plugin Details

Severity: High

ID: 100271

File Name: macosx_SecUpd_10_11_6_2017-002__10_10_5_2017-002.nasl

Version: 1.6

Type: local

Agent: macosx

Published: 5/18/2017

Updated: 11/13/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-2548

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, Host/MacOSX/packages/boms

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/15/2017

Vulnerability Publication Date: 5/15/2017

Reference Information

CVE: CVE-2017-2512, CVE-2017-2516, CVE-2017-2524, CVE-2017-2527, CVE-2017-2533, CVE-2017-2535, CVE-2017-2537, CVE-2017-2540, CVE-2017-2541, CVE-2017-2546, CVE-2017-2548, CVE-2017-6979, CVE-2017-6990

BID: 98483

APPLE-SA: APPLE-SA-2017-05-15-1