Test ID:	1.3.6.1.4.1.25623.1.0.811853
Category:	Mac OS X Local Security Checks
Title:	Apple Mac OS X Multiple Information Disclosure Vulnerabilities (HT208165)
Summary:	This host is has Apple Mac OS X and; is prone to multiple information disclosure vulnerabilities.
Description:	Summary: This host is has Apple Mac OS X and is prone to multiple information disclosure vulnerabilities. Vulnerability Insight: Multiple flaws exist as, - A method existed for applications to bypass the key chain access prompt with a synthetic click. - If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. Vulnerability Impact: Successful exploitation will allow attackers to access sensitive information like passwords and other important data. Affected Software/OS: Apple Mac OS X version 10.13 before build 17A405. Solution: Upgrade to Apple Mac OS X version 10.13 build 17A405 by applying the supplemental update from the vendor. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7149 BugTraq ID: 101178 http://www.securityfocus.com/bid/101178 https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79 https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/ https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/ http://www.securitytracker.com/id/1039513 Common Vulnerability Exposure (CVE) ID: CVE-2017-7150 BugTraq ID: 101177 http://www.securityfocus.com/bid/101177 http://www.securitytracker.com/id/1039430
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.