macOS 10.13.x < 10.13.4 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 700515

Synopsis

The remote host is missing a macOS update that fixes multiple security vulnerabilities.

Description

The remote host is running a version of macOS that is 10.13.x prior to 10.13.4. It is, therefore, affected by multiple vulnerabilities in the following components :

- Admin Framework
- APFS
- ATS
- CoreFoundation
- CoreText
- Disk Images
- Disk Management
- File System Events
- iCloud Drive
- Intel Graphics Driver
- IOFireWireFamily
- Kernel
- kext tools
- LaunchServices
- Mail
- Notes
- NSURLSession
- NVIDIA Graphics Drivers
- PDFKit
- PluginKit
- Quick Look
- Security
- Storage
- System Preferences
- Terminal
- WindowServer

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Solution

Upgrade to macOS version 10.13.4 or later.

See Also

https://support.apple.com/en-us/HT208692

http://www.nessus.org/u?e0e00f71

Plugin Details

Severity: Critical

ID: 700515

Published: 2019/04/10

Updated: 2019/04/10

Dependencies: 4435

Nessus ID: 108786

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 2018/03/29

Vulnerability Publication Date: 2018/03/29

Reference Information

CVE: CVE-2017-8816, CVE-2017-13890, CVE-2018-4104, CVE-2018-4105, CVE-2018-4106, CVE-2018-4107, CVE-2018-4108, CVE-2018-4111, CVE-2018-4112, CVE-2018-4115, CVE-2018-4131, CVE-2018-4132, CVE-2018-4135, CVE-2018-4136, CVE-2018-4138, CVE-2018-4139, CVE-2018-4142, CVE-2018-4143, CVE-2018-4144, CVE-2018-4150, CVE-2018-4151, CVE-2018-4152, CVE-2018-4154, CVE-2018-4155, CVE-2018-4156, CVE-2018-4157, CVE-2018-4158, CVE-2018-4160, CVE-2018-4166, CVE-2018-4167, CVE-2018-4170, CVE-2018-4174, CVE-2018-4175, CVE-2018-4176

BID: 101998