Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2018-06-07 |
| Product | Mac Os X | Last view | 2021-10-19 |
| Version | 10.13.6 | Type | Os |
| Update | security_update_2019-005 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:mac_os_x | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2021-10-19 | CVE-2021-30850 | An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system. |
| 7.8 | 2021-10-19 | CVE-2021-30847 | This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 7.5 | 2021-10-19 | CVE-2021-30844 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory. |
| 7.8 | 2021-10-19 | CVE-2021-30843 | This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. |
| 7.8 | 2021-10-19 | CVE-2021-30842 | This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. |
| 7.8 | 2021-10-19 | CVE-2021-30841 | This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. |
| 7.8 | 2021-10-19 | CVE-2021-30835 | This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 7.8 | 2021-10-19 | CVE-2021-30832 | A memory corruption issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges. |
| 7.8 | 2021-10-19 | CVE-2021-30830 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2021-10-19 | CVE-2021-30829 | A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files. |
| 5.5 | 2021-10-19 | CVE-2021-30828 | This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root. |
| 7.8 | 2021-10-19 | CVE-2021-30827 | A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges. |
| 7.5 | 2021-10-19 | CVE-2020-29622 | A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-005 Catalina. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges. |
| 9.8 | 2021-09-08 | CVE-2021-30805 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. |
| 8.8 | 2021-09-08 | CVE-2021-30799 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 7.8 | 2021-09-08 | CVE-2021-30790 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| 7.8 | 2021-09-08 | CVE-2021-30789 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. |
| 7.1 | 2021-09-08 | CVE-2021-30788 | This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. |
| 7.8 | 2021-09-08 | CVE-2021-30787 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to cause unexpected system termination or write kernel memory. |
| 7.8 | 2021-09-08 | CVE-2021-30785 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 6.5 | 2021-09-08 | CVE-2021-30783 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions. |
| 5.5 | 2021-09-08 | CVE-2021-30782 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to access restricted files. |
| 7.8 | 2021-09-08 | CVE-2021-30781 | This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A local attacker may be able to cause unexpected application termination or arbitrary code execution. |
| 7.8 | 2021-09-08 | CVE-2021-30780 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges. |
| 7.8 | 2021-09-08 | CVE-2021-30777 | An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 29% (185) | CWE-787 | Out-of-bounds Write |
| 20% (130) | CWE-125 | Out-of-bounds Read |
| 11% (74) | CWE-20 | Improper Input Validation |
| 9% (58) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 4% (25) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 3% (24) | CWE-416 | Use After Free |
| 1% (12) | CWE-665 | Improper Initialization |
| 1% (11) | CWE-362 | Race Condition |
| 1% (11) | CWE-269 | Improper Privilege Management |
| 1% (9) | CWE-190 | Integer Overflow or Wraparound |
| 1% (8) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 0% (6) | CWE-200 | Information Exposure |
| 0% (6) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (5) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (4) | CWE-415 | Double Free |
| 0% (4) | CWE-295 | Certificate Issues |
| 0% (4) | CWE-287 | Improper Authentication |
| 0% (4) | CWE-276 | Incorrect Default Permissions |
| 0% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 0% (3) | CWE-617 | Reachable Assertion |
| 0% (3) | CWE-459 | Incomplete Cleanup |
| 0% (3) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 0% (3) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| 0% (2) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 0% (2) | CWE-494 | Download of Code Without Integrity Check |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52314 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52313 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore AIR optimization memory corruption attempt RuleID : 51822 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore AIR optimization memory corruption attempt RuleID : 51821 - Type : BROWSER-WEBKIT - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO |
| 2018-12-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO |
| 2018-11-30 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-18 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9.nasl - Type: ACT_GATHER_INFO |
| 2018-09-27 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1308.nasl - Type: ACT_GATHER_INFO |
| 2018-09-27 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1307.nasl - Type: ACT_GATHER_INFO |
| 2018-08-21 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0084.nasl - Type: ACT_GATHER_INFO |
| 2018-06-19 | Name: The remote Fedora host is missing a security update. File: fedora_2018-10ae521efa.nasl - Type: ACT_GATHER_INFO |
| 2018-06-12 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4226.nasl - Type: ACT_GATHER_INFO |
