Vulnerabilities > CVE-2016-4748 - 7PK - Security Features vulnerability in Apple mac OS X
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOS_10_12.NASL |
description | The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, or is not macOS 10.12. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple HSSPI Support - AppleEFIRuntime - AppleMobileFileIntegrity - AppleUCC - Application Firewall - ATS - Audio - Bluetooth - cd9660 - CFNetwork - CommonCrypto - CoreCrypto - CoreDisplay - curl - Date & Time Pref Pane - DiskArbitration - File Bookmark - FontParser - IDS - Connectivity - ImageIO - Intel Graphics Driver - IOAcceleratorFamily - IOThunderboltFamily - Kerberos v5 PAM module - Kernel - libarchive - libxml2 - libxpc - libxslt - mDNSResponder - NSSecureTextField - Perl - S2 Camera - Security - Terminal - WindowServer Note that successful exploitation of the most serious issues can result in arbitrary code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 93685 |
published | 2016-09-23 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/93685 |
title | macOS < 10.12 Multiple Vulnerabilities |
References
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
- http://www.securityfocus.com/bid/93055
- http://www.securityfocus.com/bid/93055
- http://www.securitytracker.com/id/1036858
- http://www.securitytracker.com/id/1036858
- https://support.apple.com/HT207170
- https://support.apple.com/HT207170