Google Santa Code Signing Bypass (macOS)

Medium Nessus Plugin ID 110519


A binary whitelisting and blacklisting application installed on the remote macOS or Mac OS X host is vulnerable to accepting forged Apple signatures.


The installed version of Google Santa is less than 0.9.25 and is therefore vulnerable to allowing execution of malicious binaries due to accepting forged Apple signatures.


Update Google Santa to version 0.9.25 or higher.

See Also

Plugin Details

Severity: Medium

ID: 110519

File Name: macosx_google_santa_0_9_25.nasl

Version: 1.3

Type: local

Agent: macosx

Published: 2018/06/13

Modified: 2018/06/14

Dependencies: 110502

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N


Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: x-cpe:/a:google:santa

Required KB Items: installed_sw/Santa

Patch Publication Date: 2018/04/24

Vulnerability Publication Date: 2018/06/12

Reference Information

CVE: CVE-2018-10405