Mac OS X 10.x < 10.12.5 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 700119

Synopsis

The remote host is running a version of Mac OS X that is affected by multiple attack vectors.

Description

The remote host is running a version of Mac OS X 10.x prior to 10.12.5, and is affected by multiple vulnerabilities:

- An overflow condition exists in the '_XGetWindowMovementGroup()' function within the WindowServer component, triggered because certain input is not properly validated. This may allow a local attacker to cause a stack-based buffer overflow and potentially execute arbitrary code with the privileges of WindowServer.
- An unspecified flaw exists in the Intel graphics driver. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel-level privileges.
- An unspecified flaw exists in the NVIDIA graphics drivers. This may allow a local attacker to corrupt memory and potentially execute arbitrary code with kernel-level privileges.
- A flaw exists in the speechsynthesisd service, as unsigned dynamic libraries (.dylib) are improperly validated before being loaded. This may allow a local attacker to bypass an application's sandbox and execute arbitrary code with elevated privileges.
- An unspecified flaw exists in the Speech Framework. This may allow an attacker to escape an application sandbox.
- A certificate validation flaw exists in 802.1X authentication that is triggered in EAP-TLS when a certificate has changed. This may allow a context-dependent attacker to disclose user network credentials.
- A type confusion flaw exists in SQLite, triggered because certain input related to 'snippet' is not properly validated. With specially crafted web content, a context-dependent attacker can corrupt memory and potentially execute arbitrary code.

This product is also affected by vulnerabilities found in the following components:

- Accessibility
- CoreAnimation
- CoreAudio
- CoreFoundation
- DiskArbitration
- Foundation
- HFS
- iBooks
- IOSurface
- Kernel
- Multi-Touch
- SQLite
- Sandbox
- Security
- TextInput
- WindowServer

Solution

Upgrade to Mac OS X 10.12.5 or later.

See Also

https://support.apple.com/en-us/HT207797

Plugin Details

Severity: Critical

ID: 700119

Published: 5/17/2017

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 5/15/2017

Vulnerability Publication Date: 5/15/2017

Reference Information

CVE: CVE-2017-2494, CVE-2017-2497, CVE-2017-2501, CVE-2017-2502, CVE-2017-2503, CVE-2017-2507, CVE-2017-2509, CVE-2017-2512, CVE-2017-2513, CVE-2017-2516, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2522, CVE-2017-2523, CVE-2017-2524, CVE-2017-2527, CVE-2017-2533, CVE-2017-2534, CVE-2017-2535, CVE-2017-2537, CVE-2017-2540, CVE-2017-2541, CVE-2017-2542, CVE-2017-2543, CVE-2017-2546, CVE-2017-2548, CVE-2017-6977, CVE-2017-6978, CVE-2017-6979, CVE-2017-6981, CVE-2017-6983, CVE-2017-6985, CVE-2017-6986, CVE-2017-6987, CVE-2017-6988, CVE-2017-6990, CVE-2017-6991, CVE-2017-7000, CVE-2017-7001, CVE-2017-7002

BID: 98584, 98588