Mac OS X 10.x < 10.12.5 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 700119

Synopsis

The remote host is running a version of Mac OS X that is affected by multiple attack vectors.

Description

The remote host is running a version of Mac OS X 10.x prior to 10.12.5 and is affected by multiple vulnerabilities:

- An overflow condition exists in the '_XGetWindowMovementGroup()' function within the WindowServer component that is triggered as certain input is not properly validated. This may allow a local attacker to cause a stack-based buffer overflow and potentially execute arbitrary code with the privileges of WindowServer. (OSVDB 157557)
- An unspecified flaw exists in the Intel graphics driver. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel-level privileges. (OSVDB 157576)
- An unspecified flaw exists in the NVIDIA graphics drivers. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel-level privileges. (OSVDB 157577)
- A flaw exists in the speechsynthesisd service, as unsigned dynamic libraries (.dylib) are improperly validated before being loaded. This may allow a local attacker to bypass an application's sandbox and execute arbitrary code with elevated privileges. (OSVDB 157598)
- An unspecified flaw exists in the Speech Framework. This may allow an attacker to escape an application sandbox. (OSVDB 157599)
- A certificate validation flaw exists in 802.1X authentication that is triggered in EAP-TLS when a certificate has changed. This may allow a context-dependent attacker to disclose user network credentials. (OSVDB 157607)
- A type confusion flaw exists in SQLite that is triggered as certain input related to 'snippet' is not properly validated. With specially crafted web content, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (OSVDB 158290, OSVDB 158291, OSVDB 158292)

This product is also affected by vulnerabilities found in the following components:

- Accessibility (OSVDB 157580)
- CoreAnimation (OSVDB 157568)
- CoreAudio (OSVDB 157552)
- CoreFoundation (OSVDB 157894)
- DiskArbitration (OSVDB 157570)
- Foundation (OSVDB 157895)
- HFS (OSVDB 157567)
- iBooks (OSVDB 157548, OSVDB 157551, OSVDB 157581)
- IOSurface (OSVDB 157550)
- Kernel (OSVDB 157547, OSVDB 157549, OSVDB 157554, OSVDB 157571, OSVDB 157572, OSVDB 157574, OSVDB 157575)
- Multi-Touch (OSVDB 157578, OSVDB 157579)
- SQLite (OSVDB 157561, OSVDB 157562, OSVDB 157563, OSVDB 157564, OSVDB 157565, OSVDB 157560)
- Sandbox (OSVDB 157583)
- Security (OSVDB 157606)
- TextInput (OSVDB 157553)
- WindowServer (OSVDB 157556, OSVDB 157558, OSVDB 157597)

Solution

Upgrade to Mac OS X 10.12.5 or later.

See Also

https://support.apple.com/en-us/HT207797

Plugin Details

Severity: Critical

ID: 700119

File Name: 700119.prm

Published: 2017/05/17

Modified: 2017/05/31

Dependencies: 4435

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 2017/05/15

Vulnerability Publication Date: 2017/05/15

Reference Information

CVE: CVE-2017-2494, CVE-2017-2497, CVE-2017-2501, CVE-2017-2502, CVE-2017-2503, CVE-2017-2507, CVE-2017-2509, CVE-2017-2512, CVE-2017-2513, CVE-2017-2516, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2522, CVE-2017-2523, CVE-2017-2524, CVE-2017-2527, CVE-2017-2533, CVE-2017-2534, CVE-2017-2535, CVE-2017-2537, CVE-2017-2540, CVE-2017-2541, CVE-2017-2542, CVE-2017-2543, CVE-2017-2546, CVE-2017-2548, CVE-2017-6977, CVE-2017-6978, CVE-2017-6979, CVE-2017-6981, CVE-2017-6983, CVE-2017-6985, CVE-2017-6986, CVE-2017-6987, CVE-2017-6988, CVE-2017-6990, CVE-2017-6991, CVE-2017-7000, CVE-2017-7001, CVE-2017-7002

BID: 98584, 98588