Detections
Analytics
macOS 10.13.x < 10.13.6 Security Update 2020-006 / 10.14.x < 10.14.6 Security Update 2020-006 (HT211946)
high Nessus Plugin ID 143478
Language:
Synopsis
The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple vulnerabilitiesDescription
The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-006 High Sierra, or 10.14.x prior to 10.14.6 Security Update 2020-006 Mojave. It is, therefore, affected by multiple vulnerabilities :- Processing a maliciously crafted font may lead to arbitrary code execution. (CVE-2020-27930)
- A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2020-27932)
- A malicious application may be able to disclose kernel memory. (CVE-2020-27950)
Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.
Solution
Upgrade to macOS 10.13.6 Security Update 2020-006 / 10.14.6 Security Update 2020-006 or later.See Also
Plugin Details
Severity: High
ID: 143478
File Name: macos_HT211946.nasl
Version: 1.8
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 12/4/2020
Updated: 4/25/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2020-27932
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:apple:mac_os_x, cpe:/o:apple:macos
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/4/2020
Vulnerability Publication Date: 11/3/2020
CISA Known Exploited Vulnerability Due Dates: 5/3/2022
Reference Information
CVE: CVE-2020-27930, CVE-2020-27932, CVE-2020-27950
APPLE-SA: APPLE-SA-2020-11-04, HT211946