Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.811853
Kategorie:Mac OS X Local Security Checks
Titel:Apple Mac OS X Multiple Information Disclosure Vulnerabilities-HT208165
Zusammenfassung:This host is has Apple Mac OS X and; is prone to multiple information disclosure vulnerabilities.
Beschreibung:Summary:
This host is has Apple Mac OS X and
is prone to multiple information disclosure vulnerabilities.

Vulnerability Insight:
Multiple flaws exists as,

- A method existed for applications to bypass the key chain access prompt with
a synthetic click.

- If a hint was set in Disk Utility when creating an APFS encrypted volume,
the password was stored as the hint.

Vulnerability Impact:
Successful exploitation will allow attackers
to access sensitive information like passwords and other important data.

Affected Software/OS:
Apple Mac OS X version 10.13 before
build 17A405.

Solution:
Upgrade to Apple Mac OS X version
10.13 build 17A405 by applying the supplemental update from the vendor.

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Querverweis: BugTraq ID: 101178
BugTraq ID: 101177
Common Vulnerability Exposure (CVE) ID: CVE-2017-7149
http://www.securityfocus.com/bid/101178
https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79
https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/
https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/
http://www.securitytracker.com/id/1039513
Common Vulnerability Exposure (CVE) ID: CVE-2017-7150
http://www.securityfocus.com/bid/101177
http://www.securitytracker.com/id/1039430
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.