Mac OS X 10.x < 10.12.5 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 700119

Synopsis

The remote host is running a version of Mac OS X that is affected by multiple attack vectors.

Description

The remote host is running a version of Mac OS X version 10.x prior to 10.12.5, and is affected by multiple vulnerabilities :

 - An overflow condition exists in the '_XGetWindowMovementGroup()' function within the WindowServer component that is triggered as certain input is not properly validated. This may allow a local attacker to cause a stack-based buffer overflow and potentially execute arbitrary code with the privileges of WindowServer.
 - An unspecified flaw exists in the Intel graphics driver. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel-level privileges.
 - An unspecified flaw exists in the NVIDIA graphics drivers. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel-level privileges.
 - A flaw exists in the speechsynthesisd service, as unsigned dynamic libraries (.dylib) are improperly validated before being loaded. This may allow a local attacker to bypass an application's sandbox and execute arbitrary code with elevated privileges.
 - An unspecified flaw exists in the Speech Framework. This may allow an attacker to escape an application sandbox.
 - A certificate validation flaw exists in 802.1X authentication that is triggered in EAP-TLS when a certificate has changed. This may allow a context-dependent attacker to disclose user network credentials.
 - A type confusion flaw exists in SQLite that is triggered as certain input related to 'snippet' is not properly validated. With specially crafted web content, a context-dependent attacker can corrupt memory and potentially execute arbitrary code.

This product is also affected by vulnerabilities found in the following components:

 - Accessibility
 - CoreAnimation
 - CoreAudio
 - CoreFoundation
 - DiskArbitration
 - Foundation
 - HFS
 - iBooks
 - IOSurface
 - Kernel)
 - Multi-Touch
- SQLite
 - Sandbox
 - Security
 - TextInput
 - WindowServer

Solution

Upgrade to Mac OS X 10.12.5 or later.

See Also

https://support.apple.com/en-us/HT207797

Plugin Details

Severity: Critical

ID: 700119

Published: 5/17/2017

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Patch Publication Date: 5/15/2017

Vulnerability Publication Date: 5/15/2017

Reference Information

CVE: CVE-2017-2501, CVE-2017-2502, CVE-2017-2507, CVE-2017-2513, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2524, CVE-2017-6979, CVE-2017-6987, CVE-2017-7000, CVE-2017-6981, CVE-2017-2516, CVE-2017-2534, CVE-2017-6990, CVE-2017-2540, CVE-2017-2509, CVE-2017-2535, CVE-2017-2522, CVE-2017-2523, CVE-2017-2497, CVE-2017-6983, CVE-2017-6991, CVE-2017-7001, CVE-2017-7002, CVE-2017-6988, CVE-2017-6978, CVE-2017-2527, CVE-2017-2533, CVE-2017-6986, CVE-2017-2503, CVE-2017-2494, CVE-2017-2546, CVE-2017-2542, CVE-2017-2543, CVE-2017-6985, CVE-2017-2512, CVE-2017-6977, CVE-2017-2537, CVE-2017-2541, CVE-2017-2548

BID: 98584, 98588