macOS 10.15.x < 10.15.1 / 10.14.x < 10.14.6 Security Update 2019-001 / 10.13.x < 10.13.6 Security Update 2019-006
High Nessus Plugin ID 130967
Synopsis
The remote host is missing a macOS or Mac OS X security update that fixes multiple vulnerabilities.
Description
The remote host is running a version of macOS or Mac OS X that is 10.15.x prior to 10.15.1, 10.14.x prior to 10.14.6 security update 2019-001, or 10.13.x prior to 10.13.6 security update 2019-006. It is, therefore, affected by multiple vulnerabilities:
- An out-of-bounds read error exists in the accounts component due to improper input validation. A remote attacker can exploit this to disclose memory contents. (CVE-2019-8787)
- A security bypass vulnerability exists in the App Store component due to an improper state management implementation. A local attacker can exploit this to log in to the account of a previously logged-in user without valid credentials. (CVE-2019-8803)
- An out-of-bounds read error exists in the IOGraphics component due to improper bounds checking. A local attacker can exploit this to cause unexpected system termination or to read kernel memory. (CVE-2019-8759)
Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.
Solution
Upgrade to macOS 10.15.1 / 10.14.6 security update 2019-001 / 10.13.6 security update 2019-006 or later.