Apple MacOSX Security Updates(HT210722)-01

Published: 2019-10-30 06:38:21
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
This host is installed with Apple Mac OS X and is prone to multiple vulnerabilities.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exists due to, - A validation issue related to improper input sanitization. - A memory corruption issue was addressed with improved memory handling. - An out-of-bounds read error related to improper input validation. - An issue existed in the parsing of URLs. - A validation issue related to handling of symlinks. - An inconsistent user interface issue related to improper state management. - Multiple memory corruption issues related to improper memory handling. - A dynamic library loading issue existed in iTunes setup. - A validation issue existed in the entitlement verification.

Impact:
Successful exploitation allow attackers to read restricted memory, execute arbitrary code with system privileges, conduct data exfiltration, disclosure of user information and conduct spoofing attack.

Affected Versions:
Apple Mac OS X version 10.15

Recommendations:
Upgrade to Apple Mac OS X 10.15.1 or later.

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2019-8817
https://nvd.nist.gov/vuln/detail/CVE-2019-8784
https://nvd.nist.gov/vuln/detail/CVE-2019-8787
https://nvd.nist.gov/vuln/detail/CVE-2019-8788
https://nvd.nist.gov/vuln/detail/CVE-2019-8789
https://nvd.nist.gov/vuln/detail/CVE-2017-7152
https://nvd.nist.gov/vuln/detail/CVE-2019-8807
https://nvd.nist.gov/vuln/detail/CVE-2019-8805
https://nvd.nist.gov/vuln/detail/CVE-2019-8803
https://nvd.nist.gov/vuln/detail/CVE-2019-8801
https://nvd.nist.gov/vuln/detail/CVE-2019-8794

CVE Analysis

https://www.mageni.net/cve/CVE-2019-8817
https://www.mageni.net/cve/CVE-2019-8784
https://www.mageni.net/cve/CVE-2019-8787
https://www.mageni.net/cve/CVE-2019-8788
https://www.mageni.net/cve/CVE-2019-8789
https://www.mageni.net/cve/CVE-2017-7152
https://www.mageni.net/cve/CVE-2019-8807
https://www.mageni.net/cve/CVE-2019-8805
https://www.mageni.net/cve/CVE-2019-8803
https://www.mageni.net/cve/CVE-2019-8801
https://www.mageni.net/cve/CVE-2019-8794

References:

https://support.apple.com/en-in/HT210722
https://www.apple.com.

Severity
High
CVSS Score
10.0
Published
2019-10-30
Modified
2019-11-04
Category
Mac OS X Local Security Checks

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.