macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)

Critical Nessus Plugin ID 99134

Synopsis

The remote host is missing a macOS update that fixes multiple security vulnerabilities.

Description

The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

- apache
- apache_mod_php
- AppleGraphicsPowerManagement
- AppleRAID
- Audio
- Bluetooth
- Carbon
- CoreGraphics
- CoreMedia
- CoreText
- curl
- EFI
- FinderKit
- FontParser
- HTTPProtocol
- Hypervisor
- iBooks
- ImageIO
- Intel Graphics Driver
- IOATAFamily
- IOFireWireAVC
- IOFireWireFamily
- Kernel
- Keyboards
- libarchive
- libc++abi
- LibreSSL
- MCX Client
- Menus
- Multi-Touch
- OpenSSH
- OpenSSL
- Printing
- python
- QuickTime
- Security
- SecurityFoundation
- sudo
- System Integrity Protection
- tcpdump
- tiffutil
- WebKit

Solution

Upgrade to macOS version 10.12.4 or later.

macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)

Critical Nessus Plugin ID 99134

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information