Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.813112
Kategorie:Mac OS X Local Security Checks
Titel:Apple MacOSX Security Updates(HT208692)-01
Zusammenfassung:This host is installed with Apple Mac OS X; and is prone to multiple vulnerabilities.
Beschreibung:Summary:
This host is installed with Apple Mac OS X
and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exists due to,

- An injection issue due to improper input validation.

- An issue existed in the parsing of URLs in PDFs due to improper input
validation.

- An out-of-bounds read error.

- An inconsistent user interface issue.

- By scanning key states, an unprivileged application could log keystrokes
entered into other applications even when secure input mode was enabled.

- An issue existed in the handling of S/MIME HTML e-mail.

- The sysadminctl command-line tool required that passwords be passed to it
in its arguments, potentially exposing the passwords to other local users.

- An issue existed in CFPreferences.

- Multiple memory corruption issues.

- A validation issue.

- A consistency issue existed in deciding when to show the microphone use
indicator.

Vulnerability Impact:
Successful exploitation of this vulnerability
will allow remote attackers to execute arbitrary code with kernel privileges,
gain access to passwords supplied to sysadminctl, truncate an APFS volume
password, gain access to potentially sensitive data, gain elevated privileges,
conduct a denial-of-service attack, log keystrokes entered into applications,
intercept and exfiltrate the contents of S/MIME-encrypted e-mail and use a
removed configuration profile and access the microphone without indication to
the user.

Affected Software/OS:
Apple Mac OS X versions 10.13.x through 10.13.3

Solution:
Upgrade to Apple Mac OS X 10.13.4 or later. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-4108
BugTraq ID: 103582
http://www.securityfocus.com/bid/103582
http://www.securitytracker.com/id/1040608
Common Vulnerability Exposure (CVE) ID: CVE-2018-4143
http://www.securitytracker.com/id/1040604
Common Vulnerability Exposure (CVE) ID: CVE-2018-4105
Common Vulnerability Exposure (CVE) ID: CVE-2018-4107
Common Vulnerability Exposure (CVE) ID: CVE-2018-4160
Common Vulnerability Exposure (CVE) ID: CVE-2018-4167
Common Vulnerability Exposure (CVE) ID: CVE-2018-4142
Common Vulnerability Exposure (CVE) ID: CVE-2018-4174
BugTraq ID: 103581
http://www.securityfocus.com/bid/103581
Common Vulnerability Exposure (CVE) ID: CVE-2018-4131
https://twitter.com/boastr_net/status/979624397664333824
Common Vulnerability Exposure (CVE) ID: CVE-2018-4132
Common Vulnerability Exposure (CVE) ID: CVE-2018-4135
Common Vulnerability Exposure (CVE) ID: CVE-2018-4111
Common Vulnerability Exposure (CVE) ID: CVE-2018-4170
Common Vulnerability Exposure (CVE) ID: CVE-2018-4115
Common Vulnerability Exposure (CVE) ID: CVE-2018-4157
Common Vulnerability Exposure (CVE) ID: CVE-2018-4152
Common Vulnerability Exposure (CVE) ID: CVE-2018-4150
Common Vulnerability Exposure (CVE) ID: CVE-2018-4138
Common Vulnerability Exposure (CVE) ID: CVE-2018-4173
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.