ID de Prueba:	1.3.6.1.4.1.25623.1.0.832879
Categoría:	Mac OS X Local Security Checks
Título:	Apple Mac OS X Security Update (HT214084)
Resumen:	Apple Mac OS X is prone to multiple; vulnerabilities.
Descripción:	Summary: Apple Mac OS X is prone to multiple vulnerabilities. Vulnerability Insight: These vulnerabilities exist: - CVE-2024-23273: Private Browsing tabs may be accessed without authentication - CVE-2024-23263: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Please see the references for more information on the vulnerabilities. Vulnerability Impact: Successful exploitation allows an attacker to conduct arbitrary code execution, information disclosure and denial of service. Affected Software/OS: Apple macOS Sonoma prior to version 14.4 Solution: Update macOS Sonoma to version 14.4 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-23291 http://seclists.org/fulldisclosure/2024/Mar/21 http://seclists.org/fulldisclosure/2024/Mar/24 http://seclists.org/fulldisclosure/2024/Mar/25 https://support.apple.com/en-us/HT214081 https://support.apple.com/en-us/HT214084 https://support.apple.com/en-us/HT214086 https://support.apple.com/en-us/HT214088 Common Vulnerability Exposure (CVE) ID: CVE-2024-23276 http://seclists.org/fulldisclosure/2024/Mar/22 http://seclists.org/fulldisclosure/2024/Mar/23 https://support.apple.com/en-us/HT214083 https://support.apple.com/en-us/HT214085 Common Vulnerability Exposure (CVE) ID: CVE-2024-23227 Common Vulnerability Exposure (CVE) ID: CVE-2024-23233 Common Vulnerability Exposure (CVE) ID: CVE-2024-23269 Common Vulnerability Exposure (CVE) ID: CVE-2024-23288 Common Vulnerability Exposure (CVE) ID: CVE-2024-23277 Common Vulnerability Exposure (CVE) ID: CVE-2024-23247 Common Vulnerability Exposure (CVE) ID: CVE-2024-23248 Common Vulnerability Exposure (CVE) ID: CVE-2024-23249 Common Vulnerability Exposure (CVE) ID: CVE-2024-23250 Common Vulnerability Exposure (CVE) ID: CVE-2024-23244 Common Vulnerability Exposure (CVE) ID: CVE-2024-23205 Common Vulnerability Exposure (CVE) ID: CVE-2022-48554 Debian Security Information: DSA-5489 (Google Search) https://www.debian.org/security/2023/dsa-5489 https://bugs.astron.com/view.php?id=310 Common Vulnerability Exposure (CVE) ID: CVE-2024-23253 Common Vulnerability Exposure (CVE) ID: CVE-2024-23270 Common Vulnerability Exposure (CVE) ID: CVE-2024-23257 http://seclists.org/fulldisclosure/2024/Mar/26 https://support.apple.com/en-us/HT214082 https://support.apple.com/en-us/HT214087 Common Vulnerability Exposure (CVE) ID: CVE-2024-23258 Common Vulnerability Exposure (CVE) ID: CVE-2024-23286 Common Vulnerability Exposure (CVE) ID: CVE-2024-23234 Common Vulnerability Exposure (CVE) ID: CVE-2024-23266 Common Vulnerability Exposure (CVE) ID: CVE-2024-23235 Common Vulnerability Exposure (CVE) ID: CVE-2024-23265 Common Vulnerability Exposure (CVE) ID: CVE-2024-23225 http://seclists.org/fulldisclosure/2024/Mar/18 http://seclists.org/fulldisclosure/2024/Mar/19 Common Vulnerability Exposure (CVE) ID: CVE-2024-23278 Common Vulnerability Exposure (CVE) ID: CVE-2024-0258 Common Vulnerability Exposure (CVE) ID: CVE-2024-23279 Common Vulnerability Exposure (CVE) ID: CVE-2024-23287 Common Vulnerability Exposure (CVE) ID: CVE-2024-23264 Common Vulnerability Exposure (CVE) ID: CVE-2024-23285 Common Vulnerability Exposure (CVE) ID: CVE-2024-23283 Common Vulnerability Exposure (CVE) ID: CVE-2023-48795 Debian Security Information: DSA-5586 (Google Search) https://www.debian.org/security/2023/dsa-5586 Debian Security Information: DSA-5588 (Google Search) https://www.debian.org/security/2023/dsa-5588 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html https://access.redhat.com/security/cve/cve-2023-48795 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://gitlab.com/libssh/libssh-mirror/-/tags https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://oryx-embedded.com/download/#changelog https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 Common Vulnerability Exposure (CVE) ID: CVE-2023-51384 https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b Common Vulnerability Exposure (CVE) ID: CVE-2023-51385 https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html http://www.openwall.com/lists/oss-security/2023/12/26/4 Common Vulnerability Exposure (CVE) ID: CVE-2022-42816 https://support.apple.com/en-us/HT213488 Common Vulnerability Exposure (CVE) ID: CVE-2024-23216 Common Vulnerability Exposure (CVE) ID: CVE-2024-23267 Common Vulnerability Exposure (CVE) ID: CVE-2024-23268 Common Vulnerability Exposure (CVE) ID: CVE-2024-23274 Common Vulnerability Exposure (CVE) ID: CVE-2023-42853 https://support.apple.com/en-us/HT213983 https://support.apple.com/en-us/HT213984 https://support.apple.com/en-us/HT213985 Common Vulnerability Exposure (CVE) ID: CVE-2024-23275 Common Vulnerability Exposure (CVE) ID: CVE-2024-23255 Common Vulnerability Exposure (CVE) ID: CVE-2024-23294 Common Vulnerability Exposure (CVE) ID: CVE-2024-23296 http://seclists.org/fulldisclosure/2024/May/11 http://seclists.org/fulldisclosure/2024/May/13 Common Vulnerability Exposure (CVE) ID: CVE-2024-23259 Common Vulnerability Exposure (CVE) ID: CVE-2024-23273 http://seclists.org/fulldisclosure/2024/Mar/20 https://support.apple.com/en-us/HT214089 Common Vulnerability Exposure (CVE) ID: CVE-2024-23238 Common Vulnerability Exposure (CVE) ID: CVE-2024-23239 Common Vulnerability Exposure (CVE) ID: CVE-2024-23290 Common Vulnerability Exposure (CVE) ID: CVE-2024-23232 Common Vulnerability Exposure (CVE) ID: CVE-2024-23231 Common Vulnerability Exposure (CVE) ID: CVE-2024-23230 Common Vulnerability Exposure (CVE) ID: CVE-2024-23245 Common Vulnerability Exposure (CVE) ID: CVE-2024-23292 Common Vulnerability Exposure (CVE) ID: CVE-2024-23289 Common Vulnerability Exposure (CVE) ID: CVE-2024-23293 Common Vulnerability Exposure (CVE) ID: CVE-2024-23241 Common Vulnerability Exposure (CVE) ID: CVE-2024-23272 Common Vulnerability Exposure (CVE) ID: CVE-2024-23242 Common Vulnerability Exposure (CVE) ID: CVE-2024-23281 Common Vulnerability Exposure (CVE) ID: CVE-2024-23260 Common Vulnerability Exposure (CVE) ID: CVE-2024-23246 Common Vulnerability Exposure (CVE) ID: CVE-2024-23226 Common Vulnerability Exposure (CVE) ID: CVE-2024-23254 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ http://www.openwall.com/lists/oss-security/2024/03/26/1 Common Vulnerability Exposure (CVE) ID: CVE-2024-23263 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/ Common Vulnerability Exposure (CVE) ID: CVE-2024-23280 Common Vulnerability Exposure (CVE) ID: CVE-2024-23284 Common Vulnerability Exposure (CVE) ID: CVE-2024-27853 Common Vulnerability Exposure (CVE) ID: CVE-2024-27809 Common Vulnerability Exposure (CVE) ID: CVE-2024-27887 Common Vulnerability Exposure (CVE) ID: CVE-2024-27888 Common Vulnerability Exposure (CVE) ID: CVE-2024-23261 Common Vulnerability Exposure (CVE) ID: CVE-2024-27886 Common Vulnerability Exposure (CVE) ID: CVE-2024-27859 Common Vulnerability Exposure (CVE) ID: CVE-2024-54658
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.