macOS 10.15.x < 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003

high Nessus Plugin ID 136930

Synopsis

The remote host is missing a macOS update that fixes multiple vulnerabilities

Description

The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.5, 10.13.x prior to 10.13.6 Security Update 2020-003, 10.14.x prior to 10.14.6 Security Update 2020-003. It is, therefore, affected by multiple vulnerabilities:

- In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
(CVE-2019-14868)

- In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). (CVE-2019-20044)

- An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2020-3878)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003 or later

See Also

https://support.apple.com/en-us/HT211170

Plugin Details

Severity: High

ID: 136930

File Name: macos_HT211170.nasl

Version: 1.10

Type: combined

Agent: macosx

Published: 5/28/2020

Updated: 5/13/2022

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2020-9852

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

CVSS Score Source: CVE-2020-9790

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x, cpe:/o:apple:macos

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/18/2020

Vulnerability Publication Date: 2/24/2020

Exploitable With

Metasploit (Safari in Operator Side Effect Exploit)

Reference Information

CVE: CVE-2019-14868, CVE-2019-20044, CVE-2020-3878, CVE-2020-3882, CVE-2020-9771, CVE-2020-9772, CVE-2020-9788, CVE-2020-9789, CVE-2020-9790, CVE-2020-9791, CVE-2020-9792, CVE-2020-9793, CVE-2020-9794, CVE-2020-9795, CVE-2020-9797, CVE-2020-9804, CVE-2020-9808, CVE-2020-9809, CVE-2020-9811, CVE-2020-9812, CVE-2020-9813, CVE-2020-9814, CVE-2020-9815, CVE-2020-9816, CVE-2020-9817, CVE-2020-9821, CVE-2020-9822, CVE-2020-9824, CVE-2020-9825, CVE-2020-9826, CVE-2020-9827, CVE-2020-9828, CVE-2020-9830, CVE-2020-9831, CVE-2020-9832, CVE-2020-9833, CVE-2020-9834, CVE-2020-9837, CVE-2020-9839, CVE-2020-9841, CVE-2020-9842, CVE-2020-9844, CVE-2020-9847, CVE-2020-9851, CVE-2020-9852, CVE-2020-9855, CVE-2020-9856, CVE-2020-9857

APPLE-SA: APPLE-SA-2020-05-18, HT211170

IAVA: 2020-A-0227-S