Detections
Analytics
macOS 10.14.x < 10.14.3 Multiple Vulnerabilities
critical Nessus Plugin ID 121393
Language:
Synopsis
The remote host is missing a macOS update that fixes multiple security vulnerabilities.Description
The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.3. It is, therefore, affected by multiple vulnerabilities related to the following components:- AppleKeyStore
- Bluetooth
- Core Media
- CoreAnimation
- FaceTime
- IOKit
- Kernel
- libxpc
- Natural Language Processing
- QuartzCore
- SQLite
- WebRTC
Note that successful exploitation of the most serious issues can result in arbitrary code execution.
Solution
Upgrade to macOS version 10.14.3 or later.See Also
Plugin Details
Severity: Critical
ID: 121393
File Name: macos_10_14_3.nasl
Version: 1.6
Type: combined
Agent: macosx
Family: MacOS X Local Security Checks
Published: 1/25/2019
Updated: 5/24/2022
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.6
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2019-6218
CVSS v3
Risk Factor: Critical
Base Score: 10
Temporal Score: 9.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
CVSS Score Source: CVE-2019-6235
Vulnerability Information
CPE: cpe:/o:apple:mac_os_x, cpe:/o:apple:macos
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/22/2019
Vulnerability Publication Date: 1/22/2019
Reference Information
CVE: CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-6200, CVE-2019-6202, CVE-2019-6205, CVE-2019-6208, CVE-2019-6209, CVE-2019-6210, CVE-2019-6211, CVE-2019-6213, CVE-2019-6214, CVE-2019-6218, CVE-2019-6219, CVE-2019-6220, CVE-2019-6221, CVE-2019-6224, CVE-2019-6225, CVE-2019-6230, CVE-2019-6231, CVE-2019-6235
APPLE-SA: APPLE-SA-2019-1-22-2