macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)
Critical Nessus Plugin ID 99134
Synopsis
The remote host is missing a macOS update that fixes multiple security vulnerabilities.
Description
The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :
- apache
- apache_mod_php
- AppleGraphicsPowerManagement
- AppleRAID
- Audio
- Bluetooth
- Carbon
- CoreGraphics
- CoreMedia
- CoreText
- curl
- EFI
- FinderKit
- FontParser
- HTTPProtocol
- Hypervisor
- iBooks
- ImageIO
- Intel Graphics Driver
- IOATAFamily
- IOFireWireAVC
- IOFireWireFamily
- Kernel
- Keyboards
- libarchive
- libc++abi
- LibreSSL
- MCX Client
- Menus
- Multi-Touch
- OpenSSH
- OpenSSL
- Printing
- python
- QuickTime
- Security
- SecurityFoundation
- sudo
- System Integrity Protection
- tcpdump
- tiffutil
- WebKit
Solution
Upgrade to macOS version 10.12.4 or later.