Detections
Analytics

Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 700032

Synopsis

The remote host is missing a critical Mac OS X patch update.

Description

The remote host is running a version of Mac OS X version 10.x prior to 10.12.4 , and is affected by multiple vulnerabilities :

 - A format string flaw exists that is triggered as string format specifiers (e.g. %s and %x) are not properly used when handling IPP(S) links. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2403)
 - A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API call. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)
 - A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430)
 - A use-after-free flaw exists in 'libc++' that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2441)
 - A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448)
 - An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. (CVE-2017-2462)
 - An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context dependent-attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2485)

Additional flaws exist in the following components :

 - AppleGraphicsPowerManagement (CVE-2017-2421)
 - AppleRAID (CVE-2017-2438)
 - Bluetooth (CVE-2017-2420, CVE-2017-2427, CVE-2017-2449)
 - Carbon (CVE-2017-2379)
 - CoreGraphics (CVE-2017-2417)
 - CoreMedia (2017-2431)
 - CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461)
 - EFI (CVE-2016-7585)
 - Finderkit (CVE-2017-2429)
 - FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487)
 - Hypervisor (CVE-2017-2418)
 - iBooks (CVE-2017-2426)
 - IOATAFamily (CVE-2017-2408)
 - IOFireWireAVC (CVE-2017-2436, CVE-2017-2437)
 - IOFireWireFamily (CVE-2017-2388)
 - ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467)
 - Intel Graphics (CVE-2017-2443)
 - Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2410, 2017-2440, 2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2489, CVE-2017-2490)
 - Keyboards (CVE-2017-2458)
 - libarchive (CVE-2017-2390)
 - libxslt (CVE-2017-2477)
 - MCX (CVE-2017-2402)
 - Menus (CVE-2017-2409)
 - Multi-touch (CVE-2017-2422)
 - nghttp2 (CVE-2017-2428)
 - QuickTime (2017-2413)
 - Security (2017-2451, 2017-6974)
 - SecurityFoundation (CVE-2017-2425)
 - sudo (CVE-2017-2381)
 - WebKit (CVE-2017-2392, CVE-2017-2457, CVE-2017-2486)

Solution

Upgrade to Mac OS X 10.12.4 or later.

See Also

https://support.apple.com/en-us/HT207615

https://threatpost.com/apple-fixes-223-vulnerabilities-across-macos-ios-safari/124599

Plugin Details

Severity: Critical

ID: 700032

Published: 3/31/2017

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 3/27/2017

Vulnerability Publication Date: 3/27/2017

Reference Information

CVE: CVE-2016-7585, CVE-2017-2379, CVE-2017-2381, CVE-2017-2388, CVE-2017-2390, CVE-2017-2392, CVE-2017-2398, CVE-2017-2401, CVE-2017-2402, CVE-2017-2403, CVE-2017-2406, CVE-2017-2407, CVE-2017-2408, CVE-2017-2409, CVE-2017-2410, CVE-2017-2413, CVE-2017-2416, CVE-2017-2417, CVE-2017-2418, CVE-2017-2420, CVE-2017-2421, CVE-2017-2422, CVE-2017-2423, CVE-2017-2425, CVE-2017-2426, CVE-2017-2427, CVE-2017-2428, CVE-2017-2429, CVE-2017-2430, CVE-2017-2431, CVE-2017-2432, CVE-2017-2435, CVE-2017-2436, CVE-2017-2437, CVE-2017-2438, CVE-2017-2439, CVE-2017-2440, CVE-2017-2441, CVE-2017-2443, CVE-2017-2448, CVE-2017-2449, CVE-2017-2450, CVE-2017-2451, CVE-2017-2456, CVE-2017-2457, CVE-2017-2458, CVE-2017-2461, CVE-2017-2462, CVE-2017-2467, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2477, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2485, CVE-2017-2486, CVE-2017-2487, CVE-2017-2489, CVE-2017-2490, CVE-2017-6974

BID: 97137, 97140