Google Santa Code Signing Bypass (macOS)

Medium Nessus Plugin ID 110519

Synopsis

A binary whitelisting and blacklisting application installed on the remote macOS or Mac OS X host is vulnerable to accepting forged Apple signatures.

Description

The installed version of Google Santa is less than 0.9.25 and is therefore vulnerable to allowing execution of malicious binaries due to accepting forged Apple signatures.

Solution

Update Google Santa to version 0.9.25 or higher.

See Also

http://www.nessus.org/u?8e9d177b

https://github.com/google/santa/releases/tag/0.9.25

https://github.com/google/santa

Plugin Details

Severity: Medium

ID: 110519

File Name: macosx_google_santa_0_9_25.nasl

Version: 1.3

Type: local

Agent: macosx

Published: 2018/06/13

Modified: 2018/06/14

Dependencies: 110502

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: x-cpe:/a:google:santa

Required KB Items: installed_sw/Santa

Patch Publication Date: 2018/04/24

Vulnerability Publication Date: 2018/06/12

Reference Information

CVE: CVE-2018-10405