Mac OS X Multiple Vulnerabilities (Security Update 2017-002)

high Nessus Plugin ID 100271
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 6.7

Synopsis

The remote host is missing a Mac OS X update that fixes multiple security vulnerabilities.

Description

The remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is therefore, affected by multiple vulnerabilities :

- A memory corruption issue exists in the Sandbox component that allows an unauthenticated, remote attacker to escape an application sandbox.
(CVE-2017-2512)

- An information disclosure vulnerability exists in the Kernel component due to improper sanitization of user-supplied input. A local attacker can exploit this to read the contents of restricted memory.
(CVE-2017-2516)

- An unspecified memory corruption issue exists in the TextInput component when parsing specially crafted data.
An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2524)

- A flaw exists in the CoreAnimation component when handling specially crafted data. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2527)

- A race condition exists in the DiskArbitration feature that allow a local attacker to gain system-level privileges. (CVE-2017-2533)

- A resource exhaustion issue exists in the Security component due to improper validation of user-supplied input. A local attacker can exploit this to exhaust resources and escape an application sandbox.
(CVE-2017-2535)

- Multiple memory corruption issues exist in the WindowServer component that allow a local attacker to execute arbitrary code with system-level privileges.
(CVE-2017-2537, CVE-2017-2548)

- An information disclosure vulnerability exists in WindowServer component in the _XGetConnectionPSN() function due to improper validation of user-supplied input. A local attacker can exploit this to read the contents of restricted memory. (CVE-2017-2540)

- A stack-based buffer overflow condition exists in the WindowServer component in the _XGetWindowMovementGroup() function due to improper validation of user-supplied input. A local attacker can exploit this to execute arbitrary code with the privileges of WindowServer.
(CVE-2017-2541)

- A memory corruption issue exists in the Kernel component that allow a local attacker to gain kernel-level privileges. (CVE-2017-2546)

- A race condition exists in the IOSurface component that allows a local attacker to execute arbitrary code with kernel-level privileges. (CVE-2017-6979)

- An information disclosure vulnerability exists in HFS component due to improper sanitization of user-supplied input. A local attacker can exploit this to read the contents of restricted memory. (CVE-2017-6990)

Solution

Install Security Update 2017-002 or later.

See Also

https://support.apple.com/en-us/HT207797

http://seclists.org/fulldisclosure/2017/May/47

Plugin Details

Severity: High

ID: 100271

File Name: macosx_SecUpd_10_11_6_2017-002__10_10_5_2017-002.nasl

Version: 1.6

Type: local

Agent: macosx

Published: 5/18/2017

Updated: 11/13/2019

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS Score Source: CVE-2017-2548

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, Host/MacOSX/packages/boms

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/15/2017

Vulnerability Publication Date: 5/15/2017

Reference Information

CVE: CVE-2017-2524, CVE-2017-6979, CVE-2017-2516, CVE-2017-6990, CVE-2017-2540, CVE-2017-2535, CVE-2017-2527, CVE-2017-2533, CVE-2017-2546, CVE-2017-2512, CVE-2017-2537, CVE-2017-2541, CVE-2017-2548

BID: 98483

APPLE-SA: APPLE-SA-2017-05-15-1