macOS 10.15.x < Catalina Security Update 2022-001 (HT213056)

high Nessus Plugin ID 157181

Synopsis

The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple vulnerabilities

Description

The remote host is running a version of macOS / Mac OS X that is 0.0.x prior to Catalina Security Update 2022-001 Catalina. It is, therefore, affected by multiple vulnerabilities :

- A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. A malicious application may be able to bypass certain Privacy preferences. (CVE-2021-30946)

- A buffer overflow issue was addressed with improved memory handling. A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2022-22593)

- An information disclosure issue was addressed with improved state management. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution (CVE-2022-22579)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS Catalina Security Update 2022-001 or later.

See Also

https://support.apple.com/en-us/HT213056

Plugin Details

Severity: High

ID: 157181

File Name: macos_HT213056.nasl

Version: 1.5

Type: local

Agent: macosx

Published: 1/28/2022

Updated: 4/26/2022

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2022-22593

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x, cpe:/o:apple:macos

Exploit Ease: No known exploits are available

Patch Publication Date: 1/26/2022

Vulnerability Publication Date: 1/26/2022

Reference Information

CVE: CVE-2021-30946, CVE-2021-30972, CVE-2022-22579, CVE-2022-22583, CVE-2022-22593

APPLE-SA: HT213056

IAVA: 2022-A-0051-S