Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2011-06-24 |
| Product | Mac Os X | Last view | 2021-12-23 |
| Version | 10.10.3 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:mac_os_x | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2021-12-23 | CVE-2021-30767 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system. |
| 5.5 | 2021-12-23 | CVE-2020-3896 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to overwrite arbitrary files. |
| 7.8 | 2021-12-23 | CVE-2020-3886 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 9.8 | 2021-12-23 | CVE-2019-8703 | This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges. |
| 5.5 | 2021-12-23 | CVE-2019-8702 | This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier. |
| 9.8 | 2021-12-23 | CVE-2019-8643 | CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management.. |
| 6.8 | 2021-12-23 | CVE-2018-4478 | A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges. |
| 7.8 | 2021-12-23 | CVE-2018-4302 | A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. |
| 5.5 | 2021-12-23 | CVE-2017-13910 | An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files. |
| 5.5 | 2021-12-23 | CVE-2017-13909 | An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens. |
| 7.8 | 2021-12-23 | CVE-2017-13908 | An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share. |
| 6.8 | 2021-12-23 | CVE-2017-13907 | A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked. |
| 7.8 | 2021-12-23 | CVE-2017-13906 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges. |
| 8.1 | 2021-12-23 | CVE-2017-13905 | A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges. |
| 7.5 | 2021-12-23 | CVE-2017-13892 | An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing. |
| 7.8 | 2021-12-23 | CVE-2017-13835 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges. |
| 7.8 | 2021-10-28 | CVE-2021-30834 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution. |
| 7.8 | 2021-10-28 | CVE-2021-30824 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2021-10-28 | CVE-2021-30821 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 5.5 | 2021-10-19 | CVE-2021-30850 | An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system. |
| 7.8 | 2021-10-19 | CVE-2021-30847 | This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 7.5 | 2021-10-19 | CVE-2021-30844 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory. |
| 7.8 | 2021-10-19 | CVE-2021-30843 | This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. |
| 7.8 | 2021-10-19 | CVE-2021-30842 | This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. |
| 7.8 | 2021-10-19 | CVE-2021-30841 | This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 31% (513) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 12% (201) | CWE-787 | Out-of-bounds Write |
| 10% (167) | CWE-125 | Out-of-bounds Read |
| 10% (163) | CWE-20 | Improper Input Validation |
| 8% (129) | CWE-200 | Information Exposure |
| 2% (46) | CWE-416 | Use After Free |
| 2% (43) | CWE-264 | Permissions, Privileges, and Access Controls |
| 2% (41) | CWE-362 | Race Condition |
| 2% (35) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 1% (22) | CWE-476 | NULL Pointer Dereference |
| 1% (18) | CWE-284 | Access Control (Authorization) Issues |
| 1% (17) | CWE-254 | Security Features |
| 0% (16) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 0% (14) | CWE-269 | Improper Privilege Management |
| 0% (14) | CWE-190 | Integer Overflow or Wraparound |
| 0% (12) | CWE-665 | Improper Initialization |
| 0% (9) | CWE-399 | Resource Management Errors |
| 0% (9) | CWE-17 | Code |
| 0% (8) | CWE-295 | Certificate Issues |
| 0% (8) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 0% (7) | CWE-704 | Incorrect Type Conversion or Cast |
| 0% (7) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 0% (7) | CWE-310 | Cryptographic Issues |
| 0% (7) | CWE-287 | Improper Authentication |
| 0% (7) | CWE-189 | Numeric Errors |
SAINT Exploits
| Description | Link |
|---|---|
| Safari Script Editor AppleScript execution | More info here |
| Mac OS X rsh Environment Variables Privilege Elevation | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 74382 | GNU troff contrib/pdfmark/pdfroff.sh Ghostscript Launch Arbitrary File Manipu... |
| 73111 | GNU Troff pdfroff Temporary File Symlink Arbitrary File Overwrite |
ExploitDB Exploits
| id | Description |
|---|---|
| 31875 | Python socket.recvfrom_into() - Remote Buffer Overflow |
| 27944 | Mac OS X Sudo Password Bypass |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-11-16 | Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console File : nvt/gb_VMSA-2012-0016.nasl |
| 2012-10-19 | Name : Ubuntu Update for python2.5 USN-1613-1 File : nvt/gb_ubuntu_USN_1613_1.nasl |
| 2012-10-19 | Name : Ubuntu Update for python2.4 USN-1613-2 File : nvt/gb_ubuntu_USN_1613_2.nasl |
| 2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-06 (expat) File : nvt/glsa_201209_06.nasl |
| 2012-09-11 | Name : Ubuntu Update for xmlrpc-c USN-1527-2 File : nvt/gb_ubuntu_USN_1527_2.nasl |
| 2012-08-30 | Name : Fedora Update for groff FEDORA-2012-8577 File : nvt/gb_fedora_2012_8577_groff_fc17.nasl |
| 2012-08-14 | Name : Ubuntu Update for expat USN-1527-1 File : nvt/gb_ubuntu_USN_1527_1.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2525-1 (expat) File : nvt/deb_2525_1.nasl |
| 2012-08-03 | Name : Mandriva Update for expat MDVSA-2012:041 (expat) File : nvt/gb_mandriva_MDVSA_2012_041.nasl |
| 2012-07-30 | Name : CentOS Update for expat CESA-2012:0731 centos5 File : nvt/gb_CESA-2012_0731_expat_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for expat CESA-2012:0731 centos6 File : nvt/gb_CESA-2012_0731_expat_centos6.nasl |
| 2012-06-15 | Name : RedHat Update for expat RHSA-2012:0731-01 File : nvt/gb_RHSA-2012_0731-01_expat.nasl |
| 2012-06-08 | Name : Fedora Update for groff FEDORA-2012-8590 File : nvt/gb_fedora_2012_8590_groff_fc15.nasl |
| 2012-06-08 | Name : Fedora Update for groff FEDORA-2012-8596 File : nvt/gb_fedora_2012_8596_groff_fc16.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0222 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0061471 |
| 2015-B-0105 | Multiple Vulnerabilities in Apple QuickTime Severity: Category II - VMSKEY: V0061349 |
| 2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
| 2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
| 2015-B-0014 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0058513 |
| 2015-B-0013 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0058515 |
| 2013-A-0179 | Apple Mac OS X Security Update 2013-004 Severity: Category I - VMSKEY: V0040373 |
| 2012-A-0189 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0035032 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-02-25 | Apple Safari user assisted applescript code execution attempt RuleID : 52622 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-02-25 | Apple Safari user assisted applescript code execution attempt RuleID : 52621 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52314 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52313 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore AIR optimization memory corruption attempt RuleID : 51822 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore AIR optimization memory corruption attempt RuleID : 51821 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2018-08-16 | PHP phar extension remote code execution attempt RuleID : 47207 - Type : SERVER-WEBAPP - Revision : 2 |
| 2018-08-16 | Apple Quicktime malformed FPX file memory corruption attempt RuleID : 47174 - Type : FILE-IMAGE - Revision : 1 |
| 2018-08-16 | Apple Quicktime malformed FPX file memory corruption attempt RuleID : 47173 - Type : FILE-IMAGE - Revision : 1 |
| 2018-07-31 | FreeBSD bspatch utility remote code execution attempt RuleID : 47048 - Type : FILE-OTHER - Revision : 1 |
| 2018-07-31 | FreeBSD bspatch utility remote code execution attempt RuleID : 47047 - Type : FILE-OTHER - Revision : 1 |
| 2018-07-19 | Apple macOS and iOS fgetattrlist kernel heap overflow attempt RuleID : 46991 - Type : OS-OTHER - Revision : 1 |
| 2018-07-19 | Apple macOS and iOS fgetattrlist kernel heap overflow attempt RuleID : 46990 - Type : OS-OTHER - Revision : 1 |
| 2018-07-10 | Microsoft Windows Interrupt Service Routine stack rollback attempt RuleID : 46910 - Type : INDICATOR-COMPROMISE - Revision : 2 |
| 2018-07-10 | Microsoft Windows Interrupt Service Routine stack rollback attempt RuleID : 46909 - Type : INDICATOR-COMPROMISE - Revision : 2 |
| 2018-07-10 | Microsoft Windows processor modification return to user-mode attempt RuleID : 46908 - Type : INDICATOR-COMPROMISE - Revision : 2 |
| 2018-07-10 | Microsoft Windows processor modification return to user-mode attempt RuleID : 46907 - Type : INDICATOR-COMPROMISE - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1633.nasl - Type: ACT_GATHER_INFO |
| 2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a7ac26523d.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-bdc5bfaedc.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO |
| 2018-12-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO |
| 2018-11-30 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2478.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-1577.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL17403481.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO |
| 2018-10-18 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_8_banner.nasl - Type: ACT_GATHER_INFO |
