Apple MacOSX Security Updates(HT210348)-01

Published: 2019-07-23 07:09:20
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
This host is installed with Apple Mac OS X and is prone to multiple vulnerabilities.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exists due to, - An out-of-bounds read error while parsing a maliciously crafted office document in UIFoundation. - An use-after-free error when deserializing an untrusted NSDictionary. - A stack overflow due to improper input validation in libxslt. - An issue in Samba due to improper checks to prevent unauthorized actions. - An out-of-bounds read error due to improper input validation in Foundation. - A memory corruption issue in Bluetooth.

Impact:
Successful exploitation allow attackers to cause arbitrary code execution, unexpected application termination, perform unauthorized actions and view sensitive information

Affected Versions:
Apple Mac OS X versions, 10.12.x through 10.12.6, 10.13.x through 10.13.6, 10.14.x through 10.14.5

Recommendations:
Apply appropriate security updates from the vendor. Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2018-16860
https://nvd.nist.gov/vuln/detail/CVE-2019-8662
https://nvd.nist.gov/vuln/detail/CVE-2019-8641
https://nvd.nist.gov/vuln/detail/CVE-2018-19860
https://nvd.nist.gov/vuln/detail/CVE-2019-8656
https://nvd.nist.gov/vuln/detail/CVE-2019-8657
https://nvd.nist.gov/vuln/detail/CVE-2019-13118

CVE Analysis

https://www.mageni.net/cve/CVE-2018-16860
https://www.mageni.net/cve/CVE-2019-8662
https://www.mageni.net/cve/CVE-2019-8641
https://www.mageni.net/cve/CVE-2018-19860
https://www.mageni.net/cve/CVE-2019-8656
https://www.mageni.net/cve/CVE-2019-8657
https://www.mageni.net/cve/CVE-2019-13118

References:

https://support.apple.com/en-us/HT210348
https://www.apple.com/in/macos/

Severity
High
CVSS Score
10.0
Published
2019-07-23
Modified
2019-07-23
Category
Mac OS X Local Security Checks

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.