Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.813112
Category:Mac OS X Local Security Checks
Title:Apple MacOSX Security Updates(HT208692)-01
Summary:Apple Mac OS X is prone to multiple vulnerabilities.
Description:Summary:
Apple Mac OS X is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An injection issue due to improper input validation.

- An issue existed in the parsing of URLs in PDFs due to improper input
validation.

- An out-of-bounds read error.

- An inconsistent user interface issue.

- By scanning key states, an unprivileged application could log keystrokes
entered into other applications even when secure input mode was enabled.

- An issue existed in the handling of S/MIME HTML e-mail.

- The sysadminctl command-line tool required that passwords be passed to it
in its arguments, potentially exposing the passwords to other local users.

- An issue existed in CFPreferences.

- Multiple memory corruption issues.

- A validation issue.

- A consistency issue existed in deciding when to show the microphone use
indicator.

Vulnerability Impact:
Successful exploitation of this vulnerability
will allow remote attackers to execute arbitrary code with kernel privileges,
gain access to passwords supplied to sysadminctl, truncate an APFS volume
password, gain access to potentially sensitive data, gain elevated privileges,
conduct a denial-of-service attack, log keystrokes entered into applications,
intercept and exfiltrate the contents of S/MIME-encrypted e-mail and use a
removed configuration profile and access the microphone without indication to
the user.

Affected Software/OS:
Apple Mac OS X versions 10.13.x through 10.13.3

Solution:
Upgrade to Apple Mac OS X 10.13.4 or later. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-4108
BugTraq ID: 103582
http://www.securityfocus.com/bid/103582
http://www.securitytracker.com/id/1040608
Common Vulnerability Exposure (CVE) ID: CVE-2018-4143
http://www.securitytracker.com/id/1040604
Common Vulnerability Exposure (CVE) ID: CVE-2018-4105
Common Vulnerability Exposure (CVE) ID: CVE-2018-4107
Common Vulnerability Exposure (CVE) ID: CVE-2018-4160
Common Vulnerability Exposure (CVE) ID: CVE-2018-4167
Common Vulnerability Exposure (CVE) ID: CVE-2018-4142
Common Vulnerability Exposure (CVE) ID: CVE-2018-4174
BugTraq ID: 103581
http://www.securityfocus.com/bid/103581
Common Vulnerability Exposure (CVE) ID: CVE-2018-4131
https://twitter.com/boastr_net/status/979624397664333824
Common Vulnerability Exposure (CVE) ID: CVE-2018-4132
Common Vulnerability Exposure (CVE) ID: CVE-2018-4135
Common Vulnerability Exposure (CVE) ID: CVE-2018-4111
Common Vulnerability Exposure (CVE) ID: CVE-2018-4170
Common Vulnerability Exposure (CVE) ID: CVE-2018-4115
Common Vulnerability Exposure (CVE) ID: CVE-2018-4157
Common Vulnerability Exposure (CVE) ID: CVE-2018-4152
Common Vulnerability Exposure (CVE) ID: CVE-2018-4150
Common Vulnerability Exposure (CVE) ID: CVE-2018-4138
Common Vulnerability Exposure (CVE) ID: CVE-2018-4173
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.