Google Santa Code Signing Bypass (macOS)

Medium Nessus Plugin ID 110519


A binary whitelisting and blacklisting application installed on
the remote macOS or Mac OS X host is vulnerable to accepting forged
Apple signatures.


The installed version of Google Santa is less than 0.9.25 and is
therefore vulnerable to allowing execution of malicious binaries due
to accepting forged Apple signatures.


Update Google Santa to version 0.9.25 or higher.

See Also

Plugin Details

Severity: Medium

ID: 110519

File Name: macosx_google_santa_0_9_25.nasl

Version: 1.3

Type: local

Agent: macosx

Published: 2018/06/13

Modified: 2018/06/14

Dependencies: 110502

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: x-cpe:/a:google:santa

Patch Publication Date: 2018/04/24

Vulnerability Publication Date: 2018/06/12

Reference Information

CVE: CVE-2018-10405