Apple Xcode < 9.0 Multiple RCE (macOS)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An IDE application installed on the remote macOS or Mac OS X host is
affected by multiple remote code execution vulnerabilities.

Description :

The version of Apple Xcode installed on the remote macOS or Mac OS X
host is prior to 9.0. It is, therefore, affected by multiple remote
code execution vulnerabilities in the git, ld64, and subversion components.
An unauthenticated, remote attacker can exploit these vulnerabilities to
cause execution of arbitrary code.

See also :

https://support.apple.com/en-us/HT208103
http://www.nessus.org/u?f9703a45

Solution :

Upgrade to Apple Xcode version 9.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 103359

Bugtraq ID: 100259, 100283, 100894

CVE ID: CVE-2017-7076, CVE-2017-7134, CVE-2017-7135, CVE-2017-7136,
CVE-2017-7137, CVE-2017-9800, CVE-2017-1000117
