macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a macOS update that fixes multiple security
vulnerabilities.

Description :

The remote host is running a version of macOS that is 10.12.x prior to
10.12.4. It is, therefore, affected by multiple vulnerabilities in
multiple components, some of which are remote code execution
vulnerabilities. An unauthenticated, remote attacker can exploit these
remote code execution vulnerabilities by convincing a user to visit a
specially crafted website, resulting in the execution of arbitrary
code in the context of the current user. The affected components are
as follows :

- apache
- apache_mod_php
- AppleGraphicsPowerManagement
- AppleRAID
- Audio
- Bluetooth
- Carbon
- CoreGraphics
- CoreMedia
- CoreText
- curl
- EFI
- FinderKit
- FontParser
- HTTPProtocol
- Hypervisor
- iBooks
- ImageIO
- Intel Graphics Driver
- IOATAFamily
- IOFireWireAVC
- IOFireWireFamily
- Kernel
- Keyboards
- libarchive
- libc++abi
- LibreSSL
- MCX Client
- Menus
- Multi-Touch
- OpenSSH
- OpenSSL
- Printing
- python
- QuickTime
- Security
- SecurityFoundation
- sudo
- System Integrity Protection
- tcpdump
- tiffutil
- WebKit

See also :

https://support.apple.com/en-us/HT207615
http://www.nessus.org/u?ddb4db4a
https://httpoxy.org

Solution :

Upgrade to macOS version 10.12.4 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 99134

Bugtraq ID: 85919
91247
91816
94650
94742
94744
94745
94746
94747
94753
94754
94846
94968
94972
94975
94977
95019
95076
95077
95078
95375
95764
95768
95774
95783
95852
97132
97134
97137
97140
97146
97147
97300
97301

CVE ID: CVE-2016-0736
CVE-2016-2161
CVE-2016-3619
CVE-2016-5387
CVE-2016-5636
CVE-2016-7056
CVE-2016-7585
CVE-2016-7922
CVE-2016-7923
CVE-2016-7924
CVE-2016-7925
CVE-2016-7926
CVE-2016-7927
CVE-2016-7928
CVE-2016-7929
CVE-2016-7930
CVE-2016-7931
CVE-2016-7932
CVE-2016-7933
CVE-2016-7934
CVE-2016-7935
CVE-2016-7936
CVE-2016-7937
CVE-2016-7938
CVE-2016-7939
CVE-2016-7940
CVE-2016-7973
CVE-2016-7974
CVE-2016-7975
CVE-2016-7983
CVE-2016-7984
CVE-2016-7985
CVE-2016-7986
CVE-2016-7992
CVE-2016-7993
CVE-2016-8574
CVE-2016-8575
CVE-2016-8740
CVE-2016-8743
CVE-2016-9533
CVE-2016-9535
CVE-2016-9536
CVE-2016-9537
CVE-2016-9538
CVE-2016-9539
CVE-2016-9540
CVE-2016-9586
CVE-2016-9935
CVE-2016-10009
CVE-2016-10010
CVE-2016-10011
CVE-2016-10012
CVE-2016-10158
CVE-2016-10159
CVE-2016-10160
CVE-2016-10161
CVE-2017-2379
CVE-2017-2381
CVE-2017-2388
CVE-2017-2390
CVE-2017-2392
CVE-2017-2398
CVE-2017-2401
CVE-2017-2402
CVE-2017-2403
CVE-2017-2406
CVE-2017-2407
CVE-2017-2408
CVE-2017-2409
CVE-2017-2410
CVE-2017-2413
CVE-2017-2416
CVE-2017-2417
CVE-2017-2418
CVE-2017-2420
CVE-2017-2421
CVE-2017-2422
CVE-2017-2423
CVE-2017-2425
CVE-2017-2426
CVE-2017-2427
CVE-2017-2428
CVE-2017-2429
CVE-2017-2430
CVE-2017-2431
CVE-2017-2432
CVE-2017-2435
CVE-2017-2436
CVE-2017-2437
CVE-2017-2438
CVE-2017-2439
CVE-2017-2440
CVE-2017-2441
CVE-2017-2443
CVE-2017-2448
CVE-2017-2449
CVE-2017-2450
CVE-2017-2451
CVE-2017-2456
CVE-2017-2457
CVE-2017-2458
CVE-2017-2461
CVE-2017-2462
CVE-2017-2467
CVE-2017-2472
CVE-2017-2473
CVE-2017-2474
CVE-2017-2478
CVE-2017-2482
CVE-2017-2483
CVE-2017-2485
CVE-2017-2486
CVE-2017-2487
CVE-2017-2489
CVE-2017-2490
CVE-2017-5202
CVE-2017-5203
CVE-2017-5204
CVE-2017-5205
CVE-2017-5341
CVE-2017-5342
CVE-2017-5482
CVE-2017-5483
CVE-2017-5484
CVE-2017-5485
CVE-2017-5486
CVE-2017-6974
