OS X may be considered Apple's desktop OS magnum opus, but it certainly hasn't been without its share of vulnerabilities (1,250 to date per the CVE database). The following are the top 11 OS X vulnerabilities and exploitation prevention tips.
Table of contents
- Dock Vulnerability
- Mail Vulnerability
- Security-Keychain Vulnerability
- LaunchServices Vulnerability
- App Store Vulnerability
- PDF Password Vulnerability
- User Documentation Vulnerability
- Empty Trash Vulnerability
- Mail/Kerberos Authentication Vulnerability
- HFS Volume Mounting Vulnerability
- Error Logging Vulnerability
1. Dock Vulnerability
The Dock in Apple OS X versions before 10.10 improperly manages the screen-lock state. This could allow attackers in physical proximity to access an unattended workstation. Newer versions of OS X do not have this flaw, so upgrading to a newer version effectively remediates the vulnerability.
2. Mail Vulnerability
Versions of Mail before 10.10 do not properly recognize the removal of a recipient address from a message. This could allow remote attackers to obtain sensitive information by reading a message intended exclusively for other recipients.
3. Security-Keychain Vulnerability
The Security-Keychain component in versions of OS X before 10.9.4 does not properly implement keystroke observers. This could allow physically proximate attackers to bypass the screen-lock protection mechanism and enter characters into an arbitrary window under the lock window via keyboard input. Updating to version 10.11 or higher effectively remediates this vulnerability.
4. LaunchServices Vulnerability
LaunchServices in OS X before 10.10.3 could allow local attackers to cause a denial-of-service (Finder crash) via specially crafted localization data.
5. App Store Vulnerability
The App Store process in CommerceKit Framework in OS X before 10.10.2 places Apple ID credentials in App Store logs, which could allow local users to obtain sensitive information by simply reading the log files.
6. PDF Password Vulnerability
The UserAccountUpdater in OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, allowing local users to obtain sensitive information by reading said file
7. User Documentation Vulnerability
The User Documentation component in OS X through 10.6.8 uses HTTP sessions for updates to App Store help information. This could allow a man-in-the-middle attacker to execute arbitrary code by spoofing the HTTP server.
8. Empty Trash Vulnerability
The Secure Empty Trash feature in Finder in OS X before 10.11 improperly deletes Trash files. This allows local users to obtain sensitive data by reading storage media (e.g., flash drive).
9. Mail/Kerberos Authentication Vulnerability
Mail in OS X before 10.9 (with Kerberos authentication enabled and TLS disabled) sends invalid cleartext data, which could allow remote attackers to obtain sensitive information by simply sniffing network traffic.
10. HFS Volume Mounting Vulnerability
The kernel in OS X before 10.10.5 does not properly mount HFS volumes, which could allow local users to cause a denial-of-service (DoS) via a crafted volume.
11. Error Logging Vulnerability
New error logging features in OS X 10.10 that include unsafe additions to the dynamic linker could allow local attackers to gain unfettered root privileges.
Upgrading your OS X-based nodes to the latest version can effectively remediate these vulnerabilities. However, in some cases it may not be possible (or feasible) to perform such updates en masse—these scenarios may require patches to be downloaded and applied in a specific manner. Regardless of how you plan on applying these critical OS X updates, UpGuard's OVAL-backed vulnerability scanner can automatically identify which nodes are at-risk on an ongoing basis.