Detections
Analytics

macOS 13.x < 13.4 Multiple Vulnerabilities (HT213758)

critical Nessus Plugin ID 176078

Language:

Synopsis

The remote host is missing a macOS update that fixes multiple vulnerabilities

Description

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.4. It is, therefore, affected by multiple vulnerabilities:

 - A privacy issue was addressed with improved private data redaction for log entries. (CVE-2023-32388, CVE-2023-32392)

 - This issue was addressed with improved checks. (CVE-2023-32400)

 - This issue was addressed with improved entitlements. (CVE-2023-32367, CVE-2023-32376, CVE-2023-32404, CVE-2023-32411)

 - The issue was addressed with improved checks. (CVE-2023-32371, CVE-2023-32390, CVE-2023-32391, CVE-2023-32394)

 - A privacy issue was addressed with improved handling of temporary files. (CVE-2023-32386)

 - The issue was addressed with improved handling of caches. (CVE-2023-32399, CVE-2023-32408)

 - This issue was addressed with improved redaction of sensitive information. (CVE-2023-28191)

 - An authentication issue was addressed with improved state management. (CVE-2023-32360)

 - A use-after-free issue was addressed with improved memory management. (CVE-2023-32373, CVE-2023-32387, CVE-2023-32398, CVE-2023-32412)

 - An out-of-bounds read was addressed with improved input validation. (CVE-2023-28204, CVE-2023-32368, CVE-2023-32372, CVE-2023-32375, CVE-2023-32382, CVE-2023-32402, CVE-2023-32410, CVE-2023-32420)

 - A buffer overflow was addressed with improved bounds checking. (CVE-2023-32384)

 - A type confusion issue was addressed with improved checks. (CVE-2023-27930)

 - The issue was addressed with additional permissions checks. (CVE-2023-27940)

 - A logic issue was addressed with improved checks. (CVE-2023-32352, CVE-2023-32405)

 - A logic issue was addressed with improved state management. (CVE-2023-32355, CVE-2023-32369, CVE-2023-32395, CVE-2023-32397, CVE-2023-32407)

 - An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2023-32380)

 - This issue was addressed with improved redaction of sensitive information. (CVE-2023-32389, CVE-2023-32403, CVE-2023-32415)

 - A denial-of-service issue was addressed with improved memory handling. (CVE-2023-32385)

 - An authorization issue was addressed with improved state management. (CVE-2023-32357)

 - This issue was addressed by adding additional SQLite logging restrictions. (CVE-2023-32422)

 - This issue was addressed with improved state management. (CVE-2023-28202)

 - A buffer overflow issue was addressed with improved memory handling. (CVE-2023-32423)

 - The issue was addressed with improved bounds checks. (CVE-2023-32409)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

Solution

Upgrade to macOS 13.4 or later.

See Also

https://support.apple.com/en-us/HT213758

Plugin Details

Severity: Critical

ID: 176078

File Name: macos_HT213758.nasl

Version: 1.4

Type: local

Agent: macosx

Published: 5/18/2023

Updated: 7/7/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-32412

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x, cpe:/o:apple:macos

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/18/2023

Vulnerability Publication Date: 5/18/2023

CISA Known Exploited Vulnerability Due Dates: 6/12/2023

Reference Information

CVE: CVE-2023-27930, CVE-2023-27940, CVE-2023-28191, CVE-2023-28202, CVE-2023-28204, CVE-2023-32352, CVE-2023-32355, CVE-2023-32357, CVE-2023-32360, CVE-2023-32363, CVE-2023-32367, CVE-2023-32368, CVE-2023-32371, CVE-2023-32372, CVE-2023-32373, CVE-2023-32375, CVE-2023-32376, CVE-2023-32380, CVE-2023-32382, CVE-2023-32384, CVE-2023-32385, CVE-2023-32386, CVE-2023-32387, CVE-2023-32388, CVE-2023-32389, CVE-2023-32390, CVE-2023-32391, CVE-2023-32392, CVE-2023-32394, CVE-2023-32395, CVE-2023-32397, CVE-2023-32398, CVE-2023-32399, CVE-2023-32400, CVE-2023-32402, CVE-2023-32403, CVE-2023-32404, CVE-2023-32405, CVE-2023-32407, CVE-2023-32408, CVE-2023-32409, CVE-2023-32410, CVE-2023-32411, CVE-2023-32412, CVE-2023-32413, CVE-2023-32414, CVE-2023-32415, CVE-2023-32420, CVE-2023-32422, CVE-2023-32423

APPLE-SA: HT213758

IAVA: 2023-A-0264-S