Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 700032

Synopsis

The remote host is missing a critical Mac OS X patch update.

Description

The remote host is running a version of Mac OS X version 10.x prior to 10.12.4 , and is affected by multiple vulnerabilities :

- A format string flaw exists that is triggered as string format specifiers (e.g. %s and %x) are not properly used when handling IPP(S) links. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2403)
- A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API call. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)
- A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430)
- A use-after-free flaw exists in 'libc++' that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2441)
- A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448)
- An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. (CVE-2017-2462)
- An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context dependent-attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2485)

Additional flaws exist in the following components :

- AppleGraphicsPowerManagement (CVE-2017-2421)
- AppleRAID (CVE-2017-2438)
- Bluetooth (CVE-2017-2420, CVE-2017-2427, CVE-2017-2449)
- Carbon (CVE-2017-2379)
- CoreGraphics (CVE-2017-2417)
- CoreMedia (2017-2431)
- CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461)
- EFI (CVE-2016-7585)
- Finderkit (CVE-2017-2429)
- FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487)
- Hypervisor (CVE-2017-2418)
- iBooks (CVE-2017-2426)
- IOATAFamily (CVE-2017-2408)
- IOFireWireAVC (CVE-2017-2436, CVE-2017-2437)
- IOFireWireFamily (CVE-2017-2388)
- ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467)
- Intel Graphics (CVE-2017-2443)
- Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2410, 2017-2440, 2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2489, CVE-2017-2490)
- Keyboards (CVE-2017-2458)
- libarchive (CVE-2017-2390)
- libxslt (CVE-2017-2477)
- MCX (CVE-2017-2402)
- Menus (CVE-2017-2409)
- Multi-touch (CVE-2017-2422)
- nghttp2 (CVE-2017-2428)
- QuickTime (2017-2413)
- Security (2017-2451, 2017-6974)
- SecurityFoundation (CVE-2017-2425)
- sudo (CVE-2017-2381)
- WebKit (CVE-2017-2392, CVE-2017-2457, CVE-2017-2486)

Solution

Upgrade to Mac OS X 10.12.4 or later.

See Also

https://threatpost.com/apple-fixes-223-vulnerabilities-across-macos-ios-safari/124599

https://support.apple.com/en-us/HT207615

Plugin Details

Severity: Critical

ID: 700032

Published: 2017/03/31

Updated: 2019/03/06

Dependencies: 4435

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 2017/03/27

Vulnerability Publication Date: 2017/03/27

Reference Information

CVE: CVE-2016-7585, CVE-2017-2379, CVE-2017-2381, CVE-2017-2388, CVE-2017-2390, CVE-2017-2392, CVE-2017-2398, CVE-2017-2401, CVE-2017-2402, CVE-2017-2403, CVE-2017-2406, CVE-2017-2407, CVE-2017-2408, CVE-2017-2409, CVE-2017-2410, CVE-2017-2413, CVE-2017-2416, CVE-2017-2417, CVE-2017-2418, CVE-2017-2420, CVE-2017-2421, CVE-2017-2422, CVE-2017-2423, CVE-2017-2425, CVE-2017-2426, CVE-2017-2427, CVE-2017-2428, CVE-2017-2429, CVE-2017-2430, CVE-2017-2431, CVE-2017-2432, CVE-2017-2435, CVE-2017-2436, CVE-2017-2437, CVE-2017-2438, CVE-2017-2439, CVE-2017-2440, CVE-2017-2441, CVE-2017-2443, CVE-2017-2448, CVE-2017-2449, CVE-2017-2450, CVE-2017-2451, CVE-2017-2456, CVE-2017-2457, CVE-2017-2458, CVE-2017-2461, CVE-2017-2462, CVE-2017-2467, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2485, CVE-2017-2486, CVE-2017-2487, CVE-2017-6974, CVE-2017-2477, CVE-2017-2489, CVE-2017-2490

BID: 97137, 97140