Vulnerabilities > CVE-2014-4432 - Cryptographic Issues vulnerability in Apple mac OS X
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
| NASL family | MacOS X Local Security Checks |
| NASL id | MACOSX_10_10.NASL |
| description | The remote host is running a version of Mac OS X is prior to version 10.10. This update contains several security-related fixes for the following components : - 802.1X - AFP File Server - apache - App Sandbox - Bash - Bluetooth - Certificate Trust Policy - CFPreferences - CoreStorage - CUPS - Dock - fdesetup - iCloud Find My Mac - IOAcceleratorFamily - IOHIDFamily - IOKit - Kernel - LaunchServices - LoginWindow - Mail - MCX Desktop Config Profiles - NetFS Client Framework - QuickTime - Safari - Secure Transport - Security - Security - Code Signing Note that successful exploitation of the most serious issues can result in arbitrary code execution. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 78550 |
| published | 2014-10-17 |
| reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/78550 |
| title | Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock) |
References
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
- http://www.securityfocus.com/bid/70632
- http://www.securityfocus.com/bid/70632
- http://www.securitytracker.com/id/1031063
- http://www.securitytracker.com/id/1031063
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97637
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97637
- https://support.apple.com/kb/HT6535
- https://support.apple.com/kb/HT6535