Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Apple Mac OS X Multiple Vulnerabilities - 02 Jan14

Information

Severity

Severity

Critical

Family

Family

Mac OS X Local Security Checks

CVSSv2 Base

CVSSv2 Base

9.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

10 years ago

Modified

Modified

4 years ago

Summary

This host is running Apple Mac OS X and is prone to multiple vulnerabilities.

Insight

Insight

Multiple flaws are due to, - Permanent cookies were saved after quitting Safari, even when Private Browsing was enabled. - An unbounded stack allocation issue existed in the handling of text glyphs. - A privilege escalation issue existed in the handling of CUPS configuration via the CUPS web interface. - A local user who is not an administrator may disable FileVault using the command-line. - A buffer overflow existed in the handling of MP3 files. - A buffer overflow existed in the handling of FPX files. - A memory corruption issue existed in the handling of QTIF files. - A buffer overflow existed in the handling of 'enof' atoms. - Multiple errors in OpenSSL. - There were known attacks on the confidentiality of TLS 1.0 when compression was enabled. - An uninitialized memory access issue existed in the handling of text tracks. - A buffer overflow existed in the handling of PICT images. - If SMB file sharing is enabled, an authenticated user may be able to write files outside the shared directory.

Affected Software

Affected Software

Apple Mac OS X version 10.8 to 10.8.3, 10.7 to 10.7.5 and 10.6.8

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Upgrade to Apple Mac OS X version 10.8.4 or later or apply appropriate security update for 10.7 and 10.6 versions. Please see the references for more information.