Detections
Analytics

macOS 11.x < 11.5 (HT212602)

critical Nessus Plugin ID 152038

Language:

Synopsis

The remote host is missing a macOS security update.

Description

The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.5 Big Sur. It is, therefore, affected by multiple vulnerabilities including the following:

 - An application may be able to execute arbitrary code with kernel privileges (CVE-2021-30805)

 - Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution (CVE-2021-30790)

 - A local attacker may be able to cause unexpected application termination or arbitrary code execution (CVE-2021-30781)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 11.5 or later.

See Also

https://support.apple.com/en-us/HT212602

Plugin Details

Severity: Critical

ID: 152038

File Name: macos_HT212602.nasl

Version: 1.5

Type: local

Agent: macosx

Published: 7/23/2021

Updated: 9/20/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-30805

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x, cpe:/o:apple:macos

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/21/2021

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2021-30748, CVE-2021-30758, CVE-2021-30759, CVE-2021-30760, CVE-2021-30765, CVE-2021-30766, CVE-2021-30768, CVE-2021-30772, CVE-2021-30774, CVE-2021-30775, CVE-2021-30776, CVE-2021-30777, CVE-2021-30778, CVE-2021-30779, CVE-2021-30780, CVE-2021-30781, CVE-2021-30782, CVE-2021-30783, CVE-2021-30784, CVE-2021-30785, CVE-2021-30786, CVE-2021-30787, CVE-2021-30788, CVE-2021-30789, CVE-2021-30790, CVE-2021-30791, CVE-2021-30792, CVE-2021-30793, CVE-2021-30795, CVE-2021-30796, CVE-2021-30797, CVE-2021-30798, CVE-2021-30799, CVE-2021-30803, CVE-2021-30805, CVE-2021-3518

APPLE-SA: APPLE-SA-2021-07-21, HT212602

IAVA: 2021-A-0349-S