Test ID:	1.3.6.1.4.1.25623.1.0.812400
Category:	Mac OS X Local Security Checks
Title:	Apple Mac OS X Security Updates (HT208331, HT208394)-01
Summary:	Apple Mac OS X is prone to multiple vulnerabilities.
Description:	Summary: Apple Mac OS X is prone to multiple vulnerabilities. Vulnerability Insight: The Security update resolves, a logic error existed in the validation of credentials, an encryption issue existed with S/MIME credentials, an inconsistent user interface issue and an error in systems with microprocessors utilizing speculative execution, memory corruption issue, input validation issue existed in the kernel, an out-of-bounds read error and indirect branch prediction. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code with kernel and system privileges. Also attacker may be able to bypass administrator authentication without supplying the administrator's password and also allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache and can cause unexpected system termination. Affected Software/OS: Apple Mac OS X versions, 10.13.x through 10.13.1 Solution: Upgrade to Apple Mac OS X 10.13.2 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-13887 Common Vulnerability Exposure (CVE) ID: CVE-2017-5754 BugTraq ID: 102378 http://www.securityfocus.com/bid/102378 BugTraq ID: 106128 http://www.securityfocus.com/bid/106128 CERT/CC vulnerability note: VU#180049 https://www.kb.cert.org/vuls/id/180049 CERT/CC vulnerability note: VU#584653 http://www.kb.cert.org/vuls/id/584653 Cisco Security Advisory: 20180104 CPU Side-Channel Information Disclosure Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel Debian Security Information: DSA-4078 (Google Search) https://www.debian.org/security/2018/dsa-4078 Debian Security Information: DSA-4082 (Google Search) https://www.debian.org/security/2018/dsa-4082 Debian Security Information: DSA-4120 (Google Search) https://www.debian.org/security/2018/dsa-4120 FreeBSD Security Advisory: FreeBSD-SA-18:03 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc https://security.gentoo.org/glsa/201810-06 https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html https://meltdownattack.com/ https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html RedHat Security Advisories: RHSA-2018:0292 https://access.redhat.com/errata/RHSA-2018:0292 http://www.securitytracker.com/id/1040071 SuSE Security Announcement: SUSE-SU-2018:0010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html SuSE Security Announcement: SUSE-SU-2018:0011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html SuSE Security Announcement: SUSE-SU-2018:0012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html SuSE Security Announcement: openSUSE-SU-2018:0022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html SuSE Security Announcement: openSUSE-SU-2018:0023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html https://usn.ubuntu.com/usn/usn-3516-1/ https://usn.ubuntu.com/usn/usn-3522-2/ https://usn.ubuntu.com/3522-3/ https://usn.ubuntu.com/3522-4/ https://usn.ubuntu.com/3523-1/ https://usn.ubuntu.com/usn/usn-3523-2/ https://usn.ubuntu.com/usn/usn-3524-2/ https://usn.ubuntu.com/usn/usn-3525-1/ https://usn.ubuntu.com/3540-2/ https://usn.ubuntu.com/3541-2/ https://usn.ubuntu.com/3583-1/ https://usn.ubuntu.com/3597-1/ https://usn.ubuntu.com/3597-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-13860 BugTraq ID: 102097 http://www.securityfocus.com/bid/102097 http://www.securitytracker.com/id/1039953 http://www.securitytracker.com/id/1039966 Common Vulnerability Exposure (CVE) ID: CVE-2017-13871 BugTraq ID: 102099 http://www.securityfocus.com/bid/102099 Common Vulnerability Exposure (CVE) ID: CVE-2017-13865 BugTraq ID: 102100 http://www.securityfocus.com/bid/102100 https://www.exploit-db.com/exploits/43321/ http://www.securitytracker.com/id/1039952 Common Vulnerability Exposure (CVE) ID: CVE-2017-13876 https://www.exploit-db.com/exploits/43325/ Common Vulnerability Exposure (CVE) ID: CVE-2017-13848 Common Vulnerability Exposure (CVE) ID: CVE-2017-13858 Common Vulnerability Exposure (CVE) ID: CVE-2017-13875 https://www.exploit-db.com/exploits/43327/ Common Vulnerability Exposure (CVE) ID: CVE-2017-13878 https://www.exploit-db.com/exploits/43780/ Common Vulnerability Exposure (CVE) ID: CVE-2017-13883 Common Vulnerability Exposure (CVE) ID: CVE-2017-7163 Common Vulnerability Exposure (CVE) ID: CVE-2017-7155 Common Vulnerability Exposure (CVE) ID: CVE-2017-7171 Common Vulnerability Exposure (CVE) ID: CVE-2017-13886 Common Vulnerability Exposure (CVE) ID: CVE-2017-13911 https://support.apple.com/kb/HT208331 https://support.apple.com/kb/HT208692 Common Vulnerability Exposure (CVE) ID: CVE-2017-7151 https://support.apple.com/kb/HT208325 https://support.apple.com/kb/HT208326 https://support.apple.com/kb/HT208327 https://support.apple.com/kb/HT208334 Common Vulnerability Exposure (CVE) ID: CVE-2017-13892 https://support.apple.com/en-us/HT208331 Common Vulnerability Exposure (CVE) ID: CVE-2017-13905 https://support.apple.com/en-us/HT208325 https://support.apple.com/en-us/HT208327 https://support.apple.com/en-us/HT208334
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.