Security News > 2021 > June > Cisco Discloses Details of macOS SMB Vulnerabilities

Cisco Discloses Details of macOS SMB Vulnerabilities
2021-06-02 15:24

Cisco's Talos threat intelligence and research unit on Wednesday disclosed the details of several SMB-related vulnerabilities patched recently by Apple in its macOS operating system.

Apple's own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them.

The vulnerabilities are mitigated by the fact that their exploitation requires authentication, but Talos warned that "They are readily exploitable in environments with advanced authentication mechanisms."

An attacker can exploit the vulnerabilities by sending specially crafted packets to the targeted server.

The third high-severity vulnerability can lead to information disclosure, DoS, or a cryptographic check bypass.

"SmbX is a proprietary implementation of a protocol that has led to some well-known vulnerabilities. This makes it a very interesting target, especially with the growing presence of macOS machines in today's network environments," Talos researcher Aleksandar Nikolich, who has been credited by Apple for reporting these vulnerabilities, wrote in a blog post.


News URL

http://feedproxy.google.com/~r/securityweek/~3/R501ETYuBNA/cisco-discloses-details-macos-smb-vulnerabilities

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1771 1669 288 3749