ID |
CVE-2017-13837
|
Summary |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.0 |
Impact: | |
Exploitability: | |
|
CWE |
CWE-254 |
CAPEC |
|
nessus
via4
|
NASL family | MacOS X Local Security Checks | NASL id | MACOS_10_13.NASL | description | The remote host is running a version of Mac OS X that is prior to
10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is
not macOS 10.13. It is, therefore, affected by multiple
vulnerabilities in the following components :
- apache
- AppSandbox
- AppleScript
- Application Firewall
- ATS
- Audio
- CFNetwork
- CFNetwork Proxies
- CFString
- Captive Network Assistant
- CoreAudio
- CoreText
- DesktopServices
- Directory Utility
- file
- Fonts
- fsck_msdos
- HFS
- Heimdal
- HelpViewer
- IOFireWireFamily
- ImageIO
- Installer
- Kernel
- kext tools
- libarchive
- libc
- libexpat
- Mail
- Mail Drafts
- ntp
- Open Scripting Architecture
- PCRE
- Postfix
- Quick Look
- QuickTime
- Remote Management
- SQLite
- Sandbox
- Screen Lock
- Security
- Spotlight
- WebKit
- zlib
Note that successful exploitation of the most serious issues can
result in arbitrary code execution. | last seen | 2019-01-16 | modified | 2018-07-14 | plugin id | 103598 | published | 2017-10-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=103598 | title | macOS < 10.13 Multiple Vulnerabilities |
|
refmap
via4
|
|
Last major update |
03-04-2018 - 02:29 |
Published |
03-04-2018 - 02:29 |
Last modified |
04-05-2018 - 11:19 |