Test ID: 1.3.6.1.4.1.25623.1.0.811853
Category: Mac OS X Local Security Checks
Title: Apple Mac OS X Multiple Information Disclosure Vulnerabilities-HT208165
Summary: This host is running Apple Mac OS X and is prone to multiple information disclosure vulnerabilities.
Description:
Summary:
This host is running Apple Mac OS X and
is prone to multiple information disclosure vulnerabilities.

Vulnerability Insight:
Multiple flaws exist:

- A method existed for applications to bypass the keychain access prompt with
a synthetic click.

- If a hint was set in Disk Utility when creating an APFS encrypted volume,
the password was stored as the hint.

Vulnerability Impact:
Successful exploitation will allow attackers
to access sensitive information like passwords and other important data.

Affected Software/OS:
Apple Mac OS X version 10.13 before
build 17A405.

Solution:
Upgrade to Apple Mac OS X version
10.13 build 17A405 by applying the supplemental update from the vendor.

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: BugTraq ID: 101178
BugTraq ID: 101177
Common Vulnerability Exposure (CVE) ID: CVE-2017-7149
http://www.securityfocus.com/bid/101178
https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79
https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/
https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/
http://www.securitytracker.com/id/1039513
Common Vulnerability Exposure (CVE) ID: CVE-2017-7150
http://www.securityfocus.com/bid/101177
http://www.securitytracker.com/id/1039430
Copyright: Copyright (C) 2017 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.