macOS 10.14.x < 10.14.6 Security Update 2021-004 Mojave (HT212531)

critical Nessus Plugin ID 149985

Synopsis

The remote host is missing a macOS security update.

Description

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2021-004 Mojave. It is, therefore, affected by multiple vulnerabilities, including the following:

- A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
(CVE-2021-30712)

- A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
(CVE-2021-30678)

- An application may be able to execute arbitrary code with kernel privileges. (CVE-2021-30704)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 10.14.6 Security Update 2021-004 Mojave or later.

See Also

https://support.apple.com/en-us/HT212531

Plugin Details

Severity: Critical

ID: 149985

File Name: macos_HT212531.nasl

Version: 1.7

Type: local

Agent: macosx

Published: 5/26/2021

Updated: 5/10/2022

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2021-30728

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

CVSS Score Source: CVE-2021-30690

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x, cpe:/o:apple:macos

Exploit Ease: No known exploits are available

Patch Publication Date: 5/24/2021

Vulnerability Publication Date: 5/24/2021

Reference Information

CVE: CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2021-1883, CVE-2021-1884, CVE-2021-30669, CVE-2021-30676, CVE-2021-30678, CVE-2021-30679, CVE-2021-30681, CVE-2021-30683, CVE-2021-30687, CVE-2021-30690, CVE-2021-30691, CVE-2021-30692, CVE-2021-30693, CVE-2021-30694, CVE-2021-30695, CVE-2021-30697, CVE-2021-30702, CVE-2021-30704, CVE-2021-30705, CVE-2021-30708, CVE-2021-30709, CVE-2021-30710, CVE-2021-30712, CVE-2021-30716, CVE-2021-30717, CVE-2021-30721, CVE-2021-30722, CVE-2021-30723, CVE-2021-30724, CVE-2021-30725, CVE-2021-30728, CVE-2021-30746

APPLE-SA: HT212531, APPLE-SA-2021-05-25-3

IAVA: 2021-A-0251-S