Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)

critical Nessus Network Monitor Plugin ID 6857

Synopsis

The remote host is missing Mac OS X security update 2013-002 that fixes multiple security issues.

Description

The remote host is running a version of Mac OS X 10.8 that is older than 10.8.4. The newer version contains numerous security-related fixes:

- A local security-bypass vulnerability exists that affects the Disk Management component. The issue can be exploited by an unauthorized attacker to disable FileVault using the command line. (CVE-2013-0985)

- A security-bypass vulnerability in SMB file sharing can occur whereby an authenticated attacker can write files outside the shared directory. (CVE-2013-0990)

- A remote buffer-overflow vulnerability exists when handling certain PICT images. (CVE-2013-0975)

- A security-bypass vulnerability exists whereby an attacker with access to a user's session may be able to log in to previously accessed sites. An attacker can exploit this issue even if Private Browsing was used. (CVE-2013-0982)

- A remote code execution issue affects the handling of text glyphs because of an unbounded stack allocation when handling maliciously crafted URLs. (CVE-2013-0983)

- A remote code execution vulnerability exists due to improper handling of text tracks. (CVE-2013-1024)

- A buffer-overflow vulnerability exists in the Directory Service daemon that can be exploited via a specially crafted network message. (CVE-2013-0984)

Solution

Upgrade to version 10.8.4 or higher.

See Also

http://support.apple.com/kb/HT5672

Plugin Details

Severity: Critical

ID: 6857

Family: Web Clients

Published: 6/5/2013

Updated: 3/6/2019

Nessus ID: 66808

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 6/4/2013

Vulnerability Publication Date: 6/4/2013

Reference Information

CVE: CVE-2011-1945, CVE-2011-3207, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0050, CVE-2012-2110, CVE-2012-2131, CVE-2012-2333, CVE-2012-4929, CVE-2012-5519, CVE-2013-0975, CVE-2013-0982, CVE-2013-0983, CVE-2013-0985, CVE-2013-0986, CVE-2013-0987, CVE-2013-0988, CVE-2013-0989, CVE-2013-0990, CVE-2013-1024

BID: 56494, 53476, 51281, 51563, 53158, 49469, 55704, 53212, 47888, 49471, 60099, 60100, 60101, 60109, 60331, 60365, 60366, 60367, 60368, 60369