Mac OS X Multiple Vulnerabilities (Security Update 2017-002)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes multiple
security vulnerabilities.

Description :

The remote host is running a version of Mac OS X 10.10.5 or 10.11.6
that is missing a security update. It is therefore, affected by
multiple vulnerabilities :

- A memory corruption issue exists in the Sandbox
component that allows an unauthenticated, remote
attacker to escape an application sandbox.
(CVE-2017-2512)

- An information disclosure vulnerability exists in the
Kernel component due to improper sanitization of
user-supplied input. A local attacker can exploit this
to read the contents of restricted memory.
(CVE-2017-2516)

- An unspecified memory corruption issue exists in the
TextInput component when parsing specially crafted data.
An unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2017-2524)

- A flaw exists in the CoreAnimation component when
handling specially crafted data. An unauthenticated,
remote attacker can exploit this to execute arbitrary
code. (CVE-2017-2527)

- A race condition exists in the DiskArbitration feature
that allow a local attacker to gain system-level
privileges. (CVE-2017-2533)

- A resource exhaustion issue exists in the Security
component due to improper validation of user-supplied
input. A local attacker can exploit this to exhaust
resources and escape an application sandbox.
(CVE-2017-2535)

- Multiple memory corruption issues exist in the
WindowServer component that allow a local attacker to
execute arbitrary code with system-level privileges.
(CVE-2017-2537, CVE-2017-2548)

- An information disclosure vulnerability exists in
WindowServer component in the _XGetConnectionPSN()
function due to improper validation of user-supplied
input. A local attacker can exploit this to read the
contents of restricted memory. (CVE-2017-2540)

- A stack-based buffer overflow condition exists in the
WindowServer component in the _XGetWindowMovementGroup()
function due to improper validation of user-supplied
input. A local attacker can exploit this to execute
arbitrary code with the privileges of WindowServer.
(CVE-2017-2541)

- A memory corruption issue exists in the Kernel component
that allow a local attacker to gain kernel-level
privileges. (CVE-2017-2546)

- A race condition exists in the IOSurface component that
allows a local attacker to execute arbitrary code with
kernel-level privileges. (CVE-2017-6979)

- An information disclosure vulnerability exists in HFS
component due to improper sanitization of user-supplied
input. A local attacker can exploit this to read the
contents of restricted memory. (CVE-2017-6990)

See also :

https://support.apple.com/en-us/HT207797
http://seclists.org/fulldisclosure/2017/May/47

Solution :

Install Security Update 2017-002 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now