Mac OS X Multiple Vulnerabilities (Security Update 2017-001)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes multiple
security vulnerabilities.

Description :

The remote host is running a version of Mac OS X 10.10.5 or 10.11.6
that is missing a security update. It is, therefore, affected by
multiple vulnerabilities :

- An information disclosure vulnerability exists in the
LibreSSL component due to a flaw in the ECDSA
implementation, which does not properly set a flag in
ECDSA signing nonces to indicate that only
constant-time code paths should be followed. An
unauthenticated, remote attacker can exploit this to
conduct side-channel cache-timing attacks, allowing the
attacker to recover the modular inversion state
sequences and the ECDSA private keys. Note that this
vulnerability does not affect Mac OS X 10.10.5.
(CVE-2016-7056)

- An integer overflow condition exists in the ImageIO
component due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a specially crafted
JPEG file, to cause a denial of service condition or the
execution of arbitrary code. (CVE-2017-2432)

- Multiple memory corruption issues exist in the libxslt
component that allow an unauthenticated, remote attacker
to cause a denial of service condition or the execution
of arbitrary code. (CVE-2017-2477)

- An integer overflow condition exists in the libxslt
component in the xsltAddTextString() function in
transform.c. An unauthenticated, remote attacker can
exploit this, by convincing a user to open a specially
crafted file, to cause an out-of-bounds write,
potentially allowing the execution of arbitrary code.
(CVE-2017-5029)

See also :

https://support.apple.com/en-us/HT207615
http://www.nessus.org/u?ddb4db4a

Solution :

Install Security Update 2017-001 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 99135

Bugtraq ID: 95375, 97137, 97303

CVE ID: CVE-2016-7056, CVE-2017-2432, CVE-2017-2477, CVE-2017-5029
