Google Santa Code Signing Bypass (macOS)

Medium Nessus Plugin ID 110519

Synopsis

A binary whitelisting and blacklisting application installed on
the remote macOS or Mac OS X host is vulnerable to accepting forged
Apple signatures.

Description

The installed version of Google Santa is less than 0.9.25 and is
therefore vulnerable to allowing execution of malicious binaries due
to accepting forged Apple signatures.

Solution

Update Google Santa to version 0.9.25 or higher.

See Also

http://www.nessus.org/u?8e9d177b

https://github.com/google/santa/releases/tag/0.9.25

https://github.com/google/santa

Plugin Details

Severity: Medium

ID: 110519

File Name: macosx_google_santa_0_9_25.nasl

Version: 1.3

Type: local

Agent: macosx

Published: 2018/06/13

Modified: 2018/06/14

Dependencies: 110502

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: x-cpe:/a:google:santa

Patch Publication Date: 2018/04/24

Vulnerability Publication Date: 2018/06/12

Reference Information

CVE: CVE-2018-10405