ID CVE-2017-13837
Summary An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key.
References
Vulnerable Configurations
  • Apple Mac OS X 10.13.0
    cpe:2.3:o:apple:mac_os_x:10.13.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-254
CAPEC
nessus via4
NASL family MacOS X Local Security Checks
NASL id MACOS_10_13.NASL
description The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - AppSandbox - AppleScript - Application Firewall - ATS - Audio - CFNetwork - CFNetwork Proxies - CFString - Captive Network Assistant - CoreAudio - CoreText - DesktopServices - Directory Utility - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - IOFireWireFamily - ImageIO - Installer - Kernel - kext tools - libarchive - libc - libexpat - Mail - Mail Drafts - ntp - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - SQLite - Sandbox - Screen Lock - Security - Spotlight - WebKit - zlib Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen 2019-02-21
modified 2018-07-14
plugin id 103598
published 2017-10-03
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=103598
title macOS < 10.13 Multiple Vulnerabilities
refmap via4
confirm https://support.apple.com/HT208144
Last major update 03-04-2018 - 02:29
Published 03-04-2018 - 02:29
Last modified 04-05-2018 - 11:19
Back to Top