Apple Mac OS X Multiple Vulnerabilities - 02 Jan14
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
This host is running Apple Mac OS X and is prone to multiple vulnerabilities.
Insight
Multiple flaws are due to:
- Permanent cookies were saved after quitting Safari, even when Private Browsing was enabled.
- An unbounded stack allocation issue existed in the handling of text glyphs.
- A privilege escalation issue existed in the handling of CUPS configuration via the CUPS web interface.
- A local user who is not an administrator may disable FileVault using the command-line.
- A buffer overflow existed in the handling of MP3 files.
- A buffer overflow existed in the handling of FPX files.
- A memory corruption issue existed in the handling of QTIF files.
- A buffer overflow existed in the handling of 'enof' atoms.
- Multiple errors in OpenSSL.
- There were known attacks on the confidentiality of TLS 1.0 when compression was enabled.
- An uninitialized memory access issue existed in the handling of text tracks.
- A buffer overflow existed in the handling of PICT images.
- If SMB file sharing is enabled, an authenticated user may be able to write files outside the shared directory.
Affected Software
Apple Mac OS X version 10.8 to 10.8.3, 10.7 to 10.7.5 and 10.6.8
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Upgrade to Apple Mac OS X version 10.8.4 or later, or apply the appropriate security update for the 10.7 and 10.6 versions. Please see the references for more information.
Common Vulnerabilities and Exposures (CVE)
- CVE-2013-0982
- CVE-2013-0983
- CVE-2012-5519
- CVE-2013-0985
- CVE-2013-0989
- CVE-2012-4929
- CVE-2011-1945
- CVE-2011-3207
- CVE-2011-3210
- CVE-2011-4108
- CVE-2011-4109
- CVE-2011-4576
- CVE-2011-4577
- CVE-2011-4619
- CVE-2012-0050
- CVE-2012-2110
- CVE-2012-2131
- CVE-2012-2333
- CVE-2013-0986
- CVE-2013-0987
- CVE-2013-0988
- CVE-2013-0990
- CVE-2013-0975
- CVE-2013-1024