macOS < 10.14 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 700518

Synopsis

The remote host is missing a macOS update that fixes multiple security vulnerabilities.

Description

The remote host is running a version of macOS that is prior to 10.14. It is, therefore, affected by multiple vulnerabilities in the following components :

 - afpserver
 - AppleGraphicsControl
 - Application Firewall
 - App Store
 - APR
 - ATS
 - Auto Unlock
 - Bluetooth
 - CFNetwork
 - CoreFoundation
 - CoreText
 - Crash Reporter
 - CUPS
 - Dictionary
 - Grand Central Dispatch
 - Heimdal
 - Hypervisor
 - iBooks
 - Intel Graphics Driver
 - IOHIDFamily
 - IOKit
 - IOUserEthernet
 - Kernel
 - LibreSSL
 - Login Window
 - mDNSOffloadUserClient
 - MediaRemote
 - Microcode
 - Security
 - Spotlight
 - Symptom Framework
 - Text
 - Wi-Fi

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Solution

Upgrade to macOS version 10.14 or later.

See Also

https://support.apple.com/en-us/HT209139

http://www.nessus.org/u?27448e16

Plugin Details

Severity: Critical

ID: 700518

Published: 2019/04/10

Updated: 2019/04/10

Dependencies: 4435

Nessus ID: 118178

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 2018/09/24

Vulnerability Publication Date: 2018/09/24

Reference Information

CVE: CVE-2016-0702, CVE-2015-3194, CVE-2015-5333, CVE-2015-5334, CVE-2016-1777, CVE-2017-12613, CVE-2017-12618, CVE-2018-3639, CVE-2018-3646, CVE-2018-4126, CVE-2018-4153, CVE-2018-4203, CVE-2018-4295, CVE-2018-4304, CVE-2018-4308, CVE-2018-4310, CVE-2018-4321, CVE-2018-4324, CVE-2018-4326, CVE-2018-4331, CVE-2018-4332, CVE-2018-4333, CVE-2018-4334, CVE-2018-4336, CVE-2018-4337, CVE-2018-4338, CVE-2018-4340, CVE-2018-4341, CVE-2018-4343, CVE-2018-4344, CVE-2018-4346, CVE-2018-4347, CVE-2018-4348, CVE-2018-4350, CVE-2018-4351, CVE-2018-4353, CVE-2018-4354, CVE-2018-4355, CVE-2018-4383, CVE-2018-4393, CVE-2018-4395, CVE-2018-4396, CVE-2018-4399, CVE-2018-4401, CVE-2018-4406, CVE-2018-4407, CVE-2018-4408, CVE-2018-4411, CVE-2018-4412, CVE-2018-4414, CVE-2018-4417, CVE-2018-4418, CVE-2018-4425, CVE-2018-4426, CVE-2018-5383

BID: 85054, 104879