macOS 10.15.x < 10.15.6 / 10.14.x < 10.14.6 Security Update 2020-004 / 10.13.x < 10.13.6 Security Update 2020-004

critical Nessus Plugin ID 141100

Synopsis

The remote host is missing a macOS security update

Description

The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-004, 10.14.x prior to 10.14.6 Security Update 2020-004, or 10.15.x prior to 10.15.6. It is, therefore, affected by multiple vulnerabilities, including the following:

- A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. (CVE-2019-14899)

- cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. (CVE-2019-19906)

- In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). (CVE-2019-20807)

- rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. (CVE-2014-9512)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macos 10.13.6 Security Update 2020-004 / 10.14.6 Security Update 2020-004 / 10.15.6 or later

See Also

https://support.apple.com/en-us/HT211289

Plugin Details

Severity: Critical

ID: 141100

File Name: macos_HT211289.nasl

Version: 1.9

Type: local

Agent: macosx

Published: 10/1/2020

Updated: 9/8/2022

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2020-9918

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x, cpe:/o:apple:macos

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/10/2020

Vulnerability Publication Date: 12/11/2019

CISA Known Exploited Dates: 9/29/2022

Reference Information

CVE: CVE-2014-9512, CVE-2019-14899, CVE-2019-19906, CVE-2019-20807, CVE-2020-9799, CVE-2020-9854, CVE-2020-9863, CVE-2020-9864, CVE-2020-9865, CVE-2020-9866, CVE-2020-9868, CVE-2020-9869, CVE-2020-9870, CVE-2020-9871, CVE-2020-9872, CVE-2020-9873, CVE-2020-9874, CVE-2020-9875, CVE-2020-9876, CVE-2020-9877, CVE-2020-9878, CVE-2020-9879, CVE-2020-9880, CVE-2020-9881, CVE-2020-9882, CVE-2020-9883, CVE-2020-9884, CVE-2020-9885, CVE-2020-9887, CVE-2020-9888, CVE-2020-9889, CVE-2020-9890, CVE-2020-9891, CVE-2020-9892, CVE-2020-9898, CVE-2020-9899, CVE-2020-9900, CVE-2020-9901, CVE-2020-9902, CVE-2020-9904, CVE-2020-9905, CVE-2020-9906, CVE-2020-9908, CVE-2020-9913, CVE-2020-9918, CVE-2020-9919, CVE-2020-9920, CVE-2020-9921, CVE-2020-9924, CVE-2020-9927, CVE-2020-9928, CVE-2020-9929, CVE-2020-9934, CVE-2020-9935, CVE-2020-9936, CVE-2020-9937, CVE-2020-9938, CVE-2020-9939, CVE-2020-9940, CVE-2020-9980, CVE-2020-9984, CVE-2020-9985, CVE-2020-9990, CVE-2020-9994, CVE-2020-9997, CVE-2020-11758, CVE-2020-11759, CVE-2020-11760, CVE-2020-11761, CVE-2020-11762, CVE-2020-11763, CVE-2020-11764, CVE-2020-11765, CVE-2020-12243

IAVB: 2020-B-0053

APPLE-SA: HT211289, APPLE-SA-2020-07-15

IAVA: 2020-A-0539-S