macOS 10.x < 10.14.5 Multiple Vulnerabilities (APPLE-SA-2019-05-09)

high Nessus Network Monitor Plugin ID 700667

Synopsis

The remote host is missing a macOS update that fixes multiple security vulnerabilities.

Description

The remote host is running a version of macOS / Mac OS X that is 10.x prior to 10.14.5. It is, therefore, affected by the following vulnerabilities:

- A validation issue was addressed with improved input sanitization. (CVE-2019-8603, CVE-2019-8560)

- A memory corruption issue was addressed with improved memory handling. (CVE-2019-8635, CVE-2019-8616, CVE-2018-4456, CVE-2019-8604, CVE-2019-8574, CVE-2019-8569)

- A logic issue was addressed with improved restrictions. (CVE-2019-8590)

- A memory corruption issue was addressed with improved error handling. (CVE-2019-8592)

- An out-of-bounds read was addressed with improved input validation. (CVE-2019-8585, CVE-2019-8607)

- This issue was addressed with improved checks. (CVE-2019-8589)

- An out-of-bounds read was addressed with improved bounds checking. (CVE-2019-8560, CVE-2019-8576)

- An authentication issue was addressed with improved state management. (CVE-2019-8634)

- A memory initialization issue was addressed with improved memory handling. (CVE-2019-8629)

- A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. (CVE-2019-8606, CVE-2019-8568)

- A use after free issue was addressed with improved memory management. (CVE-2019-8605)

- A type confusion issue was addressed with improved memory handling. (CVE-2019-8591)

- An input validation issue was addressed with improved memory handling. (CVE-2019-8577)

- A memory corruption issue was addressed with improved input validation. (CVE-2019-8600)

- An input validation issue was addressed with improved input validation. (CVE-2019-8598)

- A memory corruption issue was addressed by removing the vulnerable code. (CVE-2019-8602)

- Multiple memory corruption issues were addressed with improved memory handling. (CVE-2019-6237, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628)

Solution

Upgrade to macOS version 10.14.5 or later.

See Also

https://support.apple.com/en-us/HT210119

Plugin Details

Severity: High

ID: 700667

Published: 5/16/2019

Updated: 5/16/2019

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 5/9/2019

Vulnerability Publication Date: 5/9/2019

Reference Information

CVE: CVE-2018-4456, CVE-2019-6237, CVE-2019-8560, CVE-2019-8568, CVE-2019-8569, CVE-2019-8571, CVE-2019-8574, CVE-2019-8576, CVE-2019-8577, CVE-2019-8583, CVE-2019-8584, CVE-2019-8585, CVE-2019-8586, CVE-2019-8587, CVE-2019-8589, CVE-2019-8590, CVE-2019-8591, CVE-2019-8592, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8598, CVE-2019-8600, CVE-2019-8601, CVE-2019-8602, CVE-2019-8603, CVE-2019-8604, CVE-2019-8605, CVE-2019-8606, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8616, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8628, CVE-2019-8629, CVE-2019-8634, CVE-2019-8635