oval:org.secpod.oval:def:24681
The telnet service must be disabled, as it sends all data, including the user's password, in a clear text form that can be easily intercepted and read. Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can ...

oval:org.secpod.oval:def:24682
The telnet service must be disabled, as it sends all data, including the user's password, in a clear text form that can be easily intercepted and read. Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can ...

oval:org.secpod.oval:def:24683
The telnet service must be disabled, as it sends all data, including the user's password, in a clear text form that can be easily intercepted and read. Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can ...

oval:org.secpod.oval:def:24684
The telnet service must be disabled, as it sends all data, including the user's password, in a clear text form that can be easily intercepted and read. Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can ...

oval:org.secpod.oval:def:24671
Security appliances and firewalls are not always IPv6 aware, meaning that IPv6 traffic is frequently unfiltered and unprotected. If it is not in use, it should be disabled.

oval:org.secpod.oval:def:24674
If the system does not require access to NFS (Network File System) file shares or is not acting as an NFS server, then support for NFS is non-essential and NFS services must be disabled. NFS is a network file system protocol supported by Unix-like operating systems. Enabling any service increases th ...

oval:org.secpod.oval:def:24675
File Sharing is non-essential and must be disabled. Enabling any service increases the attack surface for an intruder. By disabling unnecessary services, the attack surface is minimized.

oval:org.secpod.oval:def:24676
The Screen Sharing feature allows remote users to view or control the desktop of the current user. A malicious user can take advantage of Screen Sharing to gain full access to the system remotely, either with stolen credentials or by guessing the username and password. Disabling Screen Sharing mitig ...

oval:org.secpod.oval:def:24677
The finger service has had several security vulnerabilities in the past and is not a necessary service. It is disabled by default; enabling it would increase the attack surface of the system.

oval:org.secpod.oval:def:24593
The rexec service must be disabled. The rexec service does not implement crypto and has had several security vulnerabilities in the past. It is disabled by default; enabling it would increase the attack surface of the system. Without confidentiality protection mechanisms, unauthorized individuals ma ...

oval:org.secpod.oval:def:24594
The telnet service must be disabled, as it sends all data, including the user's password in a clear text form that can be easily intercepted and read. Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can ...

oval:org.secpod.oval:def:24595
Enable or disable the tftp daemon as appropriate. Use launchctl unload -w to unload the tftp.plist file in the LaunchDaemons directory.

oval:org.secpod.oval:def:24596
Web Sharing is non-essential and must be disabled. Enabling any service increases the attack surface for an intruder. By disabling unnecessary services, the attack surface is minimized.

oval:org.secpod.oval:def:24591
Enable or disable the ftp daemon as appropriate. Use launchctl unload -w to unload the ftp.plist file in the LaunchDaemons directory.

oval:org.secpod.oval:def:24592
It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional at ...

oval:org.secpod.oval:def:24569
Apple Mac OS X 10.9 (Mavericks) is installed

oval:org.secpod.oval:def:24634
Enable or disable System panics report as appropriate. Use launchctl unload -w to unload the com.apple.ReportPanic.plist file in the /System/Library/LaunchAgents directory.

oval:org.secpod.oval:def:24631
If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.

oval:org.secpod.oval:def:24632
Enable or disable User process crash report as appropriate. Use 'launchctl unload -w' to unload the com.apple.ReportCrash.plist file in the /System/Library/LaunchAgents directory.

oval:org.secpod.oval:def:24633
System process crashes should not be reported. Use launchctl unload -w to unload the com.apple.ReportCrash.Root.plist file in the /System/Library/LaunchDaemons directory.

oval:org.secpod.oval:def:17516
The host is installed with Apple Mac OS X 10.9.2 and is prone to format string vulnerability. A flaw is present in the application, which fails to properly handle URLs. Successful exploitation allows attackers to cause arbitrary code execution.

oval:org.secpod.oval:def:17515
The host is installed with Apple Mac OS X or Server 10.7.5, OS X 10.8.5 or OS X 10.9.2 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the processing of Set-Cookie HTTP headers. Successful exploitation allows attackers to obtai ...

oval:org.secpod.oval:def:17523
The host is installed with Apple Mac OS X 10.9.2 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to properly handle the screen lock/unlock. Successful exploitation allows the system to get unlocked.

oval:org.secpod.oval:def:17522
The host is installed with Apple Mac OS X 10.9.2 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle XNU object. Successful exploitation allows attackers to bypass kernel address space layout randomization.

oval:org.secpod.oval:def:17521
The host is installed with Apple Mac OS X 10.9.2 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle IOKit object. Successful exploitation allows attackers to bypass kernel address space layout randomization.

oval:org.secpod.oval:def:17520
The host is installed with Apple Mac OS X 10.8.5 or OS X 10.9.2 and is prone to improper validation vulnerability. A flaw is present in the application, which fails to properly handle a pointer from userspace. Successful exploitation allows attackers to take control of the system.

oval:org.secpod.oval:def:17527
The host is installed with Apple Mac OS X 10.8.5 or OS X 10.9.2 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle the WindowServer sessions. Successful exploitation allows attackers to execute arbitrary code outside the sandb ...

oval:org.secpod.oval:def:17526
The host is installed with Apple Mac OS X 10.8.5 or OS X 10.9.2 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle the sessions protected by SSL. Successful exploitation allows attackers to capture data or change the operations perform ...

oval:org.secpod.oval:def:17519
The host is installed with Apple Mac OS X 10.8.5 or OS X 10.9.2 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle JPEG images. Successful exploitation allows attackers to lead to an unexpected application termination or arbitrary code ...

oval:org.secpod.oval:def:17518
The host is installed with Apple Mac OS X 10.9.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle ASN.1 data. Successful exploitation allows attackers to cause a denial of service.

oval:org.secpod.oval:def:17528
The host is missing a security update according to Apple advisory, APPLE-SA-2014-04-22-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain objects and security vectors. Successful exploitation allows attackers to execute ...

oval:org.secpod.oval:def:21723
The host is installed with Apple Mac OS X or Server before 10.10.1 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows attackers to obtain sensitive information.

oval:org.secpod.oval:def:21724
The host is installed with Apple Mac OS X or Server before 10.10.1 and is prone to information disclosure vulnerability. A flaw is present in the "System Profiler About This Mac", which fails to properly handle unspecified vectors. Successful exploitation allows attackers to obtain sensitive informa ...

oval:org.secpod.oval:def:44839
The host is installed with Apple Mac OS X 10.11.6 or 10.12.6 and is prone to an information access vulnerability. A flaw is present in the application, which fails to properly handle maliciously crafted webpages. Successful exploitation allows an application to mount a disk image.

oval:org.secpod.oval:def:20179
The host is installed with Apple Mac OS X or Server 10.8 through 10.8.5 or OS X 10.9 through 10.9.3 and is prone to uninitialized memory access vulnerability. The flaw is present in the application, which fails to properly handle DTLS messages in a TLS connection. Successful exploitation allows atta ...

oval:org.secpod.oval:def:20180
The host is installed with Apple Mac OS X or Server 10.9 through 10.9.3 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to properly handle iBooks logs. Successful exploitation allows an attacker with access to a system to recover Apple ID cred ...

oval:org.secpod.oval:def:20181
The host is installed with Apple Mac OS X or Server 10.9 through 10.9.3 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle IOKit object. Successful exploitation allows an attacker to bypass kernel address space layout randomization.

oval:org.secpod.oval:def:20188
The host is installed with Apple Mac OS X or Server 10.9 through 10.9.3 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle a kernel pointer stored in an IOKit object. Successful exploitation allows an attacker to bypass kernel address space layout ...

oval:org.secpod.oval:def:20186
The host is installed with Apple Mac OS X or Server 10.9 through 10.9.3 and is prone to heap buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle log messages. Successful exploitation allows a local user to execute arbitrary code with system privileges.

oval:org.secpod.oval:def:20187
The host is installed with Apple Mac OS X or Server 10.9 through 10.9.3 and is prone to integer overflow vulnerability. A flaw is present in the application, which fails to properly handle launchd. Successful exploitation allows a local user to execute arbitrary code with system privileges.

oval:org.secpod.oval:def:20184
The host is installed with Apple Mac OS X or Server 10.9 through 10.9.3 and is prone to integer underflow vulnerability. A flaw is present in the application, which fails to properly handle launchd. Successful exploitation allows a local user to execute arbitrary code with system privileges.

oval:org.secpod.oval:def:20185
The host is installed with Apple Mac OS X or Server 10.9 through 10.9.3 and is prone to heap buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle IPC messages. Successful exploitation allows a local user to execute arbitrary code with system privileges.

oval:org.secpod.oval:def:20182
The host is installed with Apple Mac OS X or Server 10.9 through 10.9.3 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle keystrokes. Successful exploitation could have allowed an attacker to type into windows under the screen lock.

oval:org.secpod.oval:def:20183
The host is installed with Apple Mac OS X or Server 10.9 through 10.9.3 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle IOKit API arguments. Successful exploitation allows a local user to cause an unexpected system restart.

oval:org.secpod.oval:def:20170
The host is missing a security update according to Apple advisory, APPLE-SA-2014-06-30-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain objects and security vectors. Successful exploitation allows attackers to execute ...

oval:org.secpod.oval:def:20177
The host is installed with Apple Mac OS X or Server 10.8 through 10.8.5 or OS X 10.9 through 10.9.3 and is prone to multiple null dereference vulnerabilities. The flaws are present in the application, which fails to properly handle kernel graphics drivers. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:20178
The host is installed with Apple Mac OS X or Server 10.9 through 10.9.3 and is prone to arbitrary code execution vulnerability. The flaw is present in the application, which fails to properly handle IOThunderBoltController API calls. Successful exploitation allows execution of arbitrary code with system ...

oval:org.secpod.oval:def:20175
The host is installed with Apple Mac OS X or Server 10.8 through 10.8.5 or OS X 10.9 through 10.9.3 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle IOAcceleratorFamily. Successful exploitation allows attackers to execute ar ...

oval:org.secpod.oval:def:20176
The host is installed with Apple Mac OS X or Server 10.8 through 10.8.5 or OS X 10.9 through 10.9.3 and is prone to out-of-bounds vulnerability. A flaw is present in the application, which fails to properly handle a system call. Successful exploitation allows a local user to bypass kernel address spac ...

oval:org.secpod.oval:def:20173
The host is installed with Apple Mac OS X or Server 10.8 through 10.8.5 or OS X 10.9 through 10.9.3 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle OpenGL API call. Successful exploitation allows attackers to execute arbitr ...

oval:org.secpod.oval:def:20174
The host is installed with Apple Mac OS X or Server 10.8 through 10.8.5 or OS X 10.9 through 10.9.3 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle OpenCL API call. Successful exploitation allows attackers to bypass kernel ...

oval:org.secpod.oval:def:20171
The host is installed with Apple Mac OS X or Server 10.7 through 10.7.5, OS X 10.8 through 10.8.5 or OS X 10.9 through 10.9.3 and is prone to out-of-bounds vulnerability. A flaw is present in the application, which fails to properly handle AppleDouble files in zip archives. Successful exploitation m ...

oval:org.secpod.oval:def:20172
The host is installed with Apple Mac OS X or Server 10.7 through 10.7.5, OS X 10.8 through 10.8.5 or OS X 10.9 through 10.9.3 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle Dock's messages from applications. Successful exp ...

oval:org.secpod.oval:def:54621
The host is installed with Apple Mac OS X 10.12.6 or 10.13.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a memory related issue. Successful exploitation allows an attacker to execute arbitrary code with system privileges.

oval:org.secpod.oval:def:17020
The host is installed with Apple Mac OS X 10.9 or 10.9.1 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to ensure ACL integrity after the viewing of file ACL information. Successful exploitation allows attackers to bypass intended access restrictions ...

oval:org.secpod.oval:def:17007
The host is installed with Apple Mac OS X 10.8.0 before 10.9.2 and is prone to remote code execution vulnerability. A flaw is present in the mod_dav.c in the Apache HTTP Server, which fails to handle a crafted Type 1 font that is embedded in a document. Successful exploitation allows attackers to ex ...

oval:org.secpod.oval:def:17016
The host is installed with Apple Mac OS X 10.9 before 10.9.2 and is prone to spoofing vulnerability. A flaw is present in the application, which fails to verify X.509 certificates from HTTPS servers that are accessed using a numerical IP address. Successful exploitation allows man-in-the-middle atta ...

oval:org.secpod.oval:def:17015
The host is installed with Apple Mac OS X 10.9 before 10.9.2 and is prone to integer signedness error vulnerability. A flaw is present in the application, which fails to handle crafted Unicode font. Successful exploitation allows attackers to execute arbitrary code or cause a denial of service.

oval:org.secpod.oval:def:17014
The host is installed with Apple Mac OS X 10.8 before 10.9.2 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle crafted image. Successful exploitation allows attackers to execute arbitrary code or cause a denial of service.

oval:org.secpod.oval:def:17019
The host is installed with Apple Mac OS X or Server 10.7.5, OS X 10.8.5, 10.9 or 10.9.1 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted filename. Successful exploitation allows attackers to execute arbitrary code or cause a denial o ...

oval:org.secpod.oval:def:17018
The host is installed with Apple Mac OS X or Server 10.7.5, 10.8.5, 10.9 or 10.9.1 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle user privileges. Successful exploitation allows attackers to bypass intended access restrictions by c ...

oval:org.secpod.oval:def:17012
The host is installed with Apple Mac OS X or Server 10.7.5, OS X 10.8.5, 10.9 or 10.9.1 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to handle crafted Mach messages. Successful exploitation allows attackers to bypass the App Sandbox protection mecha ...

oval:org.secpod.oval:def:17011
The host is installed with Apple Mac OS X 10.9 or 10.9.1 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly validate calls to the free function. Successful exploitation allows attackers to bypass the App Sandbox protection mechanism via craft ...

oval:org.secpod.oval:def:17010
The host is installed with Apple Mac OS X 10.9 before 10.9.2 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to handle crafted Mach messages. Successful exploitation allows attackers to bypass the App Sandbox protection mechanism.

oval:org.secpod.oval:def:24602
The permissions of the rcp executable must be set as appropriate. The rcp utility copies files between machines.

oval:org.secpod.oval:def:24686
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifica ...

oval:org.secpod.oval:def:24707
The default global umask setting must be set to '022' for system processes. The setting '022' ensures that system process created files and directories will only be readable by other users and processes, not writable. This mitigates the risk that unauthorized users might be able to write to files an ...

oval:org.secpod.oval:def:24690
ICMP redirects are broadcast in order to reshape network traffic. A malicious user could craft fake redirect packets and try to force all network traffic to pass through a network sniffer. If the system is not configured to ignore these packets, it could be susceptible to this kind of attack.

oval:org.secpod.oval:def:24652
The permissions on a file establish which users and groups are permitted to access or modify it. An attacker may attempt to change the permissions on a file to prevent legitimate users from accessing it or to grant additional access to an account the attacker controls. Auditing successful and unsucc ...

oval:org.secpod.oval:def:24588
The owner of 'csh init' files must be root or as appropriate. Use the command chown root /etc/csh.cshrc /etc/csh.login /etc/csh.logout to change the owner as appropriate.

oval:org.secpod.oval:def:24600
The permissions of the ipcs executable should be set as appropriate. The ipcs utility provides information on System V interprocess communication (IPC) facilities on the system.

oval:org.secpod.oval:def:24653
Frequently, an attacker that successfully gains access to a system has only gained access to an account with limited privileges, such as a guest account or a service account. The attacker must attempt to change to another user account with normal or elevated privileges in order to proceed. Auditing ...

oval:org.secpod.oval:def:24704
The operating system must retain the session lock until the user reestablishes access using established identification and authentication procedures. Users must be prompted to enter their passwords when unlocking the screensaver. The screensaver acts as a session lock and prevents unauthorized users ...

oval:org.secpod.oval:def:24599
The group of the ipcs executable must be root. The ipcs utility provides information on System V interprocess communication (IPC) facilities on the system.

oval:org.secpod.oval:def:24702
End users must not be able to override Gatekeeper settings. Gatekeeper must be configured with a configuration profile in order to prevent normal users from overriding its setting. If users are allowed to disable Gatekeeper or set it to a less restrictive setting, then it is possible that malware co ...

oval:org.secpod.oval:def:24581
The setting controls whether admin accounts are visible on the login window. In loginwindow.plist, set the HideAdminUsers key = true to hide admin accounts. If the key does not exist, admin accounts are displayed.

oval:org.secpod.oval:def:24670
IP forwarding for IPv4 must not be enabled, unless the system is a router, as only authorized systems should be permitted to operate as routers.

oval:org.secpod.oval:def:24696
The root account must be the only account having a UID of 0. The built-in root account is disabled by default and administrator users are required to use sudo to run a process with the UID '0'. If another account with UID '0' exists, this is a sign of a network intrusion or a malicious user that is ...

oval:org.secpod.oval:def:24628
The audit logs must not have extended ACLs. Use the chmod command to apply or remove the extended ACL permissions as appropriate.

oval:org.secpod.oval:def:24643
If events associated with non-local administrative access or diagnostic sessions are not logged, a major tool for assessing and investigating attacks would not be available. This requirement addresses auditing-related issues associated with maintenance tools used specifically for diagnostic and repa ...

oval:org.secpod.oval:def:24619
The /etc/resolv.conf file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate.

oval:org.secpod.oval:def:24630
The audit tool executables should not have extended ACLs. Use the chmod command to apply or remove the extended ACL permissions as appropriate. In /usr/sbin, auditd, audit, auditreduce, and praudit set via chmod.

oval:org.secpod.oval:def:24621
The group of the /etc/services file must be wheel. The services file contains information regarding the known services available in the DARPA Internet. For each service a single line should be present with the following information: official service name, port number, protocol name, aliases.

oval:org.secpod.oval:def:24691
ICMP Timestamp requests reveal information about the system and can be used to determine which operating system is installed. Precise time data can also be used to launch time based attacks against the system. Configuring the system to drop incoming ICMPv4 timestamp requests mitigates these risks.

oval:org.secpod.oval:def:24644
Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privile ...

oval:org.secpod.oval:def:24586
The group of bash 'init' files must be wheel. /etc/profile is used to set system-wide environment variables for users' shells. The /etc/bashrc file is meant for setting command aliases and functions used by bash shell users. Use the command chgrp wheel /etc/bashrc /etc/profile to change group owner a ...

oval:org.secpod.oval:def:24608
The permissions of the rsh executable must be 555. The rsh utility copies its standard input to the remote command, the standard output of the remote command to its standard output, and the standard error of the remote command to its standard error. Interrupt, quit and terminate signals are propagat ...

oval:org.secpod.oval:def:24678
The SSH Version should be explicitly set to Version 2. Version 2 supports strong crypto and was rewritten from scratch to resolve several weaknesses in Version 1 that make it extremely vulnerable to attackers. The weaker crypto in Version 1 is potentially susceptible to certain forms of replay attac ...

oval:org.secpod.oval:def:24610
The /etc/group file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate.

oval:org.secpod.oval:def:24627
The permissions of the audit logs must be 0640 or as appropriate. The audit files are under /var/audit; set the permission for each via chmod.

oval:org.secpod.oval:def:24622
The permissions of the /etc/services file must be 0644 or less. The services file contains information regarding the known services available in the DARPA Internet. For each service a single line should be present with the following information: official service name, port number, protocol name, ali ...

oval:org.secpod.oval:def:24697
Emergency administrator accounts are privileged accounts which are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. If these accounts are automatically disa ...

oval:org.secpod.oval:def:24650
Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. One method of minimizing this risk is to use complex passwords and periodically change them. If the operating system does not limit the lifetime of passwords and force users to chang ...

oval:org.secpod.oval:def:24614
The /etc/services file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate.

oval:org.secpod.oval:def:24693
The Application Firewall is the built-in firewall that comes with Mac OS X and must be enabled. Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network.

oval:org.secpod.oval:def:24687
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifica ...

oval:org.secpod.oval:def:24584
The setting controls whether network users are listed in the login window. In loginwindow.plist, set the IncludeNetworkUser key = false to hide network users. If the key does not exist, network users are not displayed.

oval:org.secpod.oval:def:24583
The setting controls whether mobile accounts, which synchronize home folders between clients and servers, are visible in the login window. In loginwindow.plist, set the HideMobileAccounts key = true to hide mobile accounts. If the key does not exist, mobile accounts are displayed.

oval:org.secpod.oval:def:24590
The permissions of csh init files must be 644 or as appropriate. Use the command chmod 644 /etc/csh.cshrc /etc/csh.login /etc/csh.logout to set permissions of csh init files or as appropriate.

oval:org.secpod.oval:def:24573
Controls whether the login window shows a list of non-local (other) users from which to choose when logging in, or shows fields in which a user and a password can be entered. In loginwindow.plist, set the SHOWOTHERUSERS_MANAGED key = false. If the key does not exist, a list of users is displayed.

oval:org.secpod.oval:def:24654
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. DoD has defined the list of events for which the operating system will provide an audit record generation capabi ...

oval:org.secpod.oval:def:24637
Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to create a new account. Auditing of account creation mitigates this risk. To address access requirements, many ...

oval:org.secpod.oval:def:24659
The sudo command must be configured to prompt for the administrator user's password at least once in each newly opened Terminal window or remote login session, as this prevents a malicious user from taking advantage of an unlocked computer or an abandoned login session to bypass the normal password ...

oval:org.secpod.oval:def:24578
Controls whether a user can use the OS X GUI to start or switch to a login session running as another user concurrently. In .GlobalPreferences.plist, set the MultipleSessionEnabled key to false to disable fast user switching.

oval:org.secpod.oval:def:24635
Configuration settings must be verified by a centrally managed system such as an MDM to ensure that they have not been changed. Configuration settings are the configurable security-related parameters of information technology products that are part of the information system. Security-related paramet ...

oval:org.secpod.oval:def:24680
The prompt for Apple ID and iCloud must be disabled, as it might mislead new users into creating unwanted Apple IDs and iCloud storage accounts upon their first login.

oval:org.secpod.oval:def:24582
The setting controls whether local user accounts are visible in the login window. In loginwindow.plist, set the HideLocalUsers key = true to hide local user accounts. If the key does not exist, user accounts are displayed.

oval:org.secpod.oval:def:24640
Kernel modules, called kernel extensions in Mac OS X, are compiled segments of code that are dynamically loaded into the kernel as required to support specific pieces of hardware or functionality. Privileged users are permitted to load or unload kernel extensions manually. An attacker might attempt ...

oval:org.secpod.oval:def:24708
Finder must be set to always empty Trash securely. Finder must be configured to always empty Trash securely in order to prevent data recovery tools from accessing the deleted files. Files emptied from the Trash by normal means are still present on the hard drive and can be recovered up until the mom ...

oval:org.secpod.oval:def:24660
Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents antivirus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for blank CDs mitigates this risk.

oval:org.secpod.oval:def:24709
The audit service should shut down the computer if it is unable to audit system events. Once audit failure occurs, user and system activity is no longer recorded and malicious activity could go undetected. Audit processing failures include: software/hardware errors; failures in the audit capturing m ...

oval:org.secpod.oval:def:24672
iTunes Music Sharing must be disabled. When iTunes Music Sharing is enabled, the computer starts a network listening service that shares the contents of the user's music collection with other users in the same subnet. Unnecessary network services should always be disabled because they increase the a ...

oval:org.secpod.oval:def:24669
Infrared [IR] kernel support must be disabled to prevent users from controlling the system with IR devices. By default, if IR is enabled, the system will accept IR control from any remote.

oval:org.secpod.oval:def:24589
The group of csh init files must be wheel. Use the command chown :0 /etc/csh.cshrc /etc/csh.login /etc/csh.logout to change the group owner as appropriate.

oval:org.secpod.oval:def:24648
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that deter ...

oval:org.secpod.oval:def:24605
The permissions of the rlogin executable must be 555. The rlogin utility starts a terminal session on a remote host.

oval:org.secpod.oval:def:24639
Remote access services, such as those providing remote access to network devices and information systems, increase risk and expose those systems to possible cyber attacks, so all remote access should be closely monitored and audited. Only authorized users should be permitted to remotely access DoD n ...

oval:org.secpod.oval:def:24655
An attacker might attempt to log in as an authorized user, through stolen credentials, unpatched exploits, or brute force attempts to guess a valid username and password. If a user is attempting to log in to a system at an unusual time, or if there are many failed attempts, there is a possibility th ...
oval:org.secpod.oval:def:24685 The kernel extension for Wi-Fi network devices such as Airport must be removed to ensure that users will not be able to reactivate wireless networking at a later time. System updates will sometimes replace deleted kernel extensions. Administrator users may need to periodically check to ensure that t ... oval:org.secpod.oval:def:24694 The system must allow only applications downloaded from the App Store to run. Gatekeeper settings must be configured correctly to only allow the system to run applications downloaded from the Mac App Store. Administrator users will still have the option to override these settings on a per app basis. ... oval:org.secpod.oval:def:24604 The group of the rlogin executable must be root. The rlogin utility starts a terminal session on a remote host. oval:org.secpod.oval:def:24699 The audit service must be configured to require a minimum percentage of free disk space in order to run. This ensures that audit will notify the administrator that action is required to free up more disk space for audit logs. When minfree is set to 25%, security personnel are notified immediately wh ... oval:org.secpod.oval:def:24714 Secure virtual memory must be enabled. Secure virtual memory ensures that data in memory is encrypted when it is swapped to disk. This prevents users and applications from accessing potentially sensitive information, such as user names and passwords, from the swap space on the hard drive. oval:org.secpod.oval:def:24603 The owner of the rlogin executable must be root. The rlogin utility starts a terminal session on a remote host. oval:org.secpod.oval:def:24705 The operating system must enforce a minimum 15-character password length. The minimum password length must be set to 15 characters. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one fact ... 
oval:org.secpod.oval:def:24695 The audit service must be configured to require that records are kept for 7 days or longer before deletion when there is no central audit record storage facility. When expire-after is set to 7d, the audit service will not delete audit logs until the log data is at least 7 days old. oval:org.secpod.oval:def:24703 Administrator users must never log in directly as root. To assure individual accountability and prevent unauthorized access, logging in as root over a remote connection must be disabled. Administrators should only run commands as root after first authenticating with their individual user names and p ... oval:org.secpod.oval:def:24636 By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. Setting a lockout expiration of 15 minutes is an effective deterrent against brute forcing that ... oval:org.secpod.oval:def:24611 The /etc/hosts file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate. oval:org.secpod.oval:def:24645 Frequently, an attacker that successfully gains access to a system has only gained access to an account with limited privileges, such as a guest account or a service account. The attacker must attempt to change to another user account with normal or elevated privileges in order to proceed. Auditing ... oval:org.secpod.oval:def:24665 When automatic logins are enabled, the default user account is automatically logged in at boot time without prompting the user for a password. Even if the screen is later locked, a malicious user would be able to reboot the computer in order to log in. Disabling automatic logins mitigates this risk. oval:org.secpod.oval:def:24629 The permissions of the audit configuration files must be 0555 or less. 
In /etc/security, audit_class, audit_control, audit_event, audit_warn, and audit_user permissions set via chmod. oval:org.secpod.oval:def:24623 The owner of the /etc/syslog.conf file must be root. The syslog.conf file is the configuration file for the syslogd(8) program. It consists of lines with two fields: the selector field which specifies the types of messages and priorities to which the line applies, and an action field which specifies ... oval:org.secpod.oval:def:24572 The login window must be configured to prompt all users for both a username and a password. By default, the system displays a list of known users at the login screen. This gives an advantage to an attacker with physical access to the system, as the attacker would only have to guess the password for ... oval:org.secpod.oval:def:24574 Hide or display the shutdown button in the login window. In loginwindow.plist, set the ShutDownDisabled key = true to hide the button. If the key does not exist, the button is displayed. oval:org.secpod.oval:def:24713 Firewall logging must be enabled. This ensures that malicious network activity will be logged to the system. This requirement is NA if HBSS is used. oval:org.secpod.oval:def:24692 A source-routed packet attempts to specify the network path the packet should take. If the system is not configured to block the incoming source-routed packets, an attacker can redirect the system's network traffic. Configuring the system to drop incoming source-routed IPv4 packets mitigates this ri ... oval:org.secpod.oval:def:24576 Controls when, and if, a password hint is given the user, based on the number of failed login attempts. In loginwindow.plist, set the RetriesUntilHint key = X to show a hint after X login failures, or set the key = 0 to disable hints. oval:org.secpod.oval:def:24706 SSH should be configured to log users out after a 15 minute interval of inactivity and to only wait 30 seconds before timing out login attempts. 
Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session ... oval:org.secpod.oval:def:24641 Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privile ... oval:org.secpod.oval:def:24651 Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end re ... oval:org.secpod.oval:def:24712 The operating system must implement cryptographic mechanisms to prevent unauthorized disclosure of all information at rest on organization-defined information system components. FileVault Disk Encryption must be enabled. This ensures that any data stored on the hard drive will be protected by crypto ... oval:org.secpod.oval:def:24624 The group of the /etc/syslog.conf file must be wheel. The syslog.conf file is the configuration file for the syslogd(8) program. It consists of lines with two fields: the selector field which specifies the types of messages and priorities to which the line applies, and an action field which specifie ... oval:org.secpod.oval:def:24647 The permissions on a file establish which users are permitted to access or modify it. An attacker may attempt to change the permissions on a file to prevent legitimate users from accessing it or to grant additional access to an account the attacker controls. Auditing successful and unsuccessful atte ... 
oval:org.secpod.oval:def:24580 The setting controls whether external accounts, which are defined and stored on 'other' media (such as USB drives or specified disk partitions), are allowed to be active on a system. In loginwindow.plist, set the EnableExternalAccounts key = false to disable external accounts. If the key does not e ... oval:org.secpod.oval:def:24667 Bluetooth Sharing must be disabled. Bluetooth sharing allows users to wirelessly transmit files between Mac OS X and Bluetooth-enabled devices, including personally owned cell phones and tablets. A malicious user might introduce viruses or malware onto the system or extract sensitive files. Disablin ... oval:org.secpod.oval:def:24661 Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for blank DVDs mitigates this risk. oval:org.secpod.oval:def:24656 Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to create a new account or modify an existing one. Auditing of account creation and modification is one method ... oval:org.secpod.oval:def:24571 Hide or display the restart button in the login window. In loginwindow.plist, set the RestartDisabled key = true to hide the buttons. If the key does not exist, the button is displayed. oval:org.secpod.oval:def:24673 The operating system must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded. By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, oth ... oval:org.secpod.oval:def:24587 The permissions of bash 'init' files must be 444 or as appropriate. 
/etc/profile is used to set system-wide environment variables in users' shells. The /etc/bashrc file is meant for setting command aliases and functions used by bash shell users. oval:org.secpod.oval:def:24607 The group of the rsh executable must be wheel. The rsh utility copies its standard input to the remote command, the standard output of the remote command to its standard output, and the standard error of the remote command to its standard error. Interrupt, quit and terminate signals are propagated t ... oval:org.secpod.oval:def:24663 Automatic actions must be disabled for picture CDs. Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for pi ... oval:org.secpod.oval:def:24658 When operating system accounts are disabled, user accessibility is affected. The system must audit account disablement actions so that administrator users can detect and respond to such events. Such a capability greatly reduces the risk that operating system accessibility will be negatively affected ... oval:org.secpod.oval:def:24615 The /etc/syslog.conf file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate. oval:org.secpod.oval:def:24613 The /etc/passwd file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate. oval:org.secpod.oval:def:24657 When operating system accounts are removed, user accessibility is affected. The system must audit account removal actions so that administrator users can detect and respond to such events. Such a capability greatly reduces the risk that operating system accessibility will be negatively affected for ... 
oval:org.secpod.oval:def:24711 The operating system must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest on organization-defined information system components. FileVault Disk Encryption must be enabled. This ensures that any data stored on the hard drive will be protected by cryp ... oval:org.secpod.oval:def:24577 Controls whether inactivity logs out a user and, if so, how many minutes are required to trigger logout. In .GlobalPreferences.plist, delete the AutoLogoutDelay key to disable inactivity logout. oval:org.secpod.oval:def:24646 The permissions on a file establish which users are permitted to access or modify it. An attacker may attempt to change the permissions on a file to prevent legitimate users from accessing it or to grant additional access to an account the attacker controls. Auditing successful and unsuccessful atte ... oval:org.secpod.oval:def:24609 The /etc/aliases file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate. oval:org.secpod.oval:def:24617 The /private/var/at/cron.deny file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate. oval:org.secpod.oval:def:24710 The operating system must protect the confidentiality and integrity of all information at rest. FileVault Disk Encryption must be enabled. By encrypting the system hard drive, the confidentiality and integrity of any data stored on the system is ensured. Information at rest refers to the state of in ... oval:org.secpod.oval:def:24598 The owner of the ipcs executable must be root. The ipcs utility provides information on System V interprocess communication (IPC) facilities on the system. oval:org.secpod.oval:def:24666 The Bluetooth kernel extension must be removed, as wireless access introduces unnecessary security risks. 
Removing Bluetooth support entirely mitigates this risk and ensures the operating system enforces this requirement. oval:org.secpod.oval:def:24620 The owner of the /etc/services file must be root. The services file contains information regarding the known services available in the DARPA Internet. For each service a single line should be present with the following information: official service name, port number, protocol name, aliases. oval:org.secpod.oval:def:24679 The SSH Version should be explicitly set to Version 2. Version 2 supports strong crypto and was rewritten from scratch to resolve several weaknesses in Version 1 that make it extremely vulnerable to attackers. The weaker crypto in Version 1 is potentially susceptible to certain forms of replay attack ... oval:org.secpod.oval:def:24597 The default global umask setting must be set to '027' for user applications. The setting '027' ensures that user created files and directories will be readable, but not writable, by users that share the same group id. Users with a different group id will not be able to read or write those files. Thi ... oval:org.secpod.oval:def:24579 Enable or disable console login as appropriate. If console login is enabled, the user can type '>console' for the user name to get a console login. In loginwindow.plist, set the DisableConsoleAccess key = true to prevent console logins. If the key does not exist, console login is allowed. oval:org.secpod.oval:def:24700 The audit service should be configured to immediately print messages to the console or email administrator users when an auditing failure occurs. It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, s ... oval:org.secpod.oval:def:24606 The owner of the rsh executable must be root. 
The rsh utility copies its standard input to the remote command, the standard output of the remote command to its standard output, and the standard error of the remote command to its standard error. Interrupt, quit and terminate signals are propagated to ... oval:org.secpod.oval:def:24612 The /etc/openldap/ldap.conf file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate. oval:org.secpod.oval:def:24698 The operating system must initiate a session lock after a 15-minute period of inactivity. A screensaver must be enabled and set to require a password to unlock. The timeout should be set to fifteen minutes of inactivity. This mitigates the risk that a user might forget to manually lock the screen be ... oval:org.secpod.oval:def:24575 Hide or display the sleep button in the login window. In loginwindow.plist, set the SleepDisabled key = true to hide the button. If the key does not exist, the button is displayed. oval:org.secpod.oval:def:24616 The /usr/lib/cron/cron.allow file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate. oval:org.secpod.oval:def:24662 Automatic actions must be disabled for music CDs. Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for musi ... oval:org.secpod.oval:def:24689 A source-routed packet attempts to specify the network path that the system should take. If the system is not configured to block the sending of source-routed packets, an attacker can redirect the system's network traffic. oval:org.secpod.oval:def:24668 If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be targeted by attackers to gain unauthorized access. 
To mitigate this risk, automated termination of all temporary accounts must be set upon account creation. Temporary accounts are establi ... oval:org.secpod.oval:def:24649 The permissions on a file establish which users are permitted to access or modify it. An attacker may attempt to change the permissions on a file to prevent legitimate users from accessing it or to grant additional access to an account the attacker controls. Auditing successful and unsuccessful atte ... oval:org.secpod.oval:def:24585 The owner of bash 'init' files must be root. /etc/profile is used to set system-wide environment variables in users' shells. The /etc/bashrc file is meant for setting command aliases and functions used by bash shell users. Use chown root /etc/bashrc /etc/profile to change the owner as appropriate ... oval:org.secpod.oval:def:24568 Specifies the maximum time the login window can be inactive before the screen saver starts. This is distinct from a user session's idle time. Setting to 900 seconds (15 minutes) instead of the OEM value of unlimited. In loginwindow.plist, set the loginWindowIdleTime key = 900. If the key does not ... oval:org.secpod.oval:def:24618 The /usr/sbin/traceroute file should not have an extended ACL. Use the chmod command to apply or remove the extended ACL permissions as appropriate. oval:org.secpod.oval:def:24664 Automatic actions must be disabled for video DVDs. Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for vid ... oval:org.secpod.oval:def:24688 ICMP redirects are broadcast in order to reshape network traffic. A malicious user could use the system to send fake redirect packets and try to force all network traffic to pass through a network sniffer. Disabling ICMP redirect broadcasts mitigates this risk. 
oval:org.secpod.oval:def:24638 Account creations and account modifications, such as disablement and termination, can all be signs of an intrusion and should be audited. Once an attacker establishes access to a system, the attacker may attempt to create an account to reestablish access at a later time. The attacker may also attempt ... oval:org.secpod.oval:def:24570 Hide or display the sleep, restart, and shutdown buttons, in the login window. In loginwindow.plist, set the PowerOffDisabled key = true to hide the buttons. If the key does not exist, buttons are displayed. oval:org.secpod.oval:def:24626 The group of the audit logs must be wheel. The audit files are under /var/audit; set the group for each via chgrp. oval:org.secpod.oval:def:24625 The owner of the audit logs must be root or as appropriate. oval:org.secpod.oval:def:24642 By auditing access restriction enforcement, changes to application and OS configuration files can be audited. Without auditing the enforcement of access restrictions, it will be difficult to identify attempted attacks and an audit trail will not be available for forensic investigation. Enforcement a ... oval:org.secpod.oval:def:24601 The owner of the rcp executable must be root. The rcp utility copies files between machines. oval:org.secpod.oval:def:24701 Bluetooth devices must not be allowed to wake the computer. If Bluetooth is not required, turn it off. If Bluetooth is necessary, disable allowing Bluetooth devices to wake the computer. oval:org.secpod.oval:def:21725 The host is installed with Apple Mac OS X or Server before 10.10.1 or Apple Safari before 6.2.1, 7.x before 7.1.1 or 8.x before 8.0.1 and is prone to use-after-free vulnerability. A flaw is present in the WebKit, which fails to properly handle crafted page objects in an HTML document. Successful e ... oval:org.secpod.oval:def:21726 The host is installed with Apple Mac OS X or Server 10.10.x before 10.10.2 and is prone to information disclosure vulnerability. 
A flaw is present in the application, which does not properly clear the browsing cache upon a transition out of private-browsing mode. Successful exploitation allows attac ... oval:org.secpod.oval:def:21722 The host is missing a security update according to Apple advisory, APPLE-SA-2014-11-17-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors. Successful exploitation allows attackers to execute remote code or obtain ... oval:org.secpod.oval:def:21259 The host is installed with Apple Mac OS X or Server 10.7.5, OS X 10.8.5 or OS X 10.9 through 10.9.4 and is prone to buffer overflow vulnerability. The flaw is present in the application, which fails to properly handle MIDI files. Successful exploitation may lead to an unexpected application termina ... oval:org.secpod.oval:def:21258 The host is installed with Apple Mac OS X or Server 10.7.5, OS X 10.8.5 or OS X 10.9 through 10.9.4 and is prone to denial of service vulnerability. The flaw is present in the application, which fails to properly handle a crafted movie file with RLE encoding. Successful exploitation allows remote at ... oval:org.secpod.oval:def:21246 The host is installed with Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle an application that provides crafted API arguments. Successful exploitation allows attackers to ... oval:org.secpod.oval:def:21247 The host is installed with Apple Mac OS X or Server 10.9 through 10.9.4 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted application. Successful exploitation allows attackers to execute arbitrary code in a privileg ... 
oval:org.secpod.oval:def:21251 The host is installed with Apple Mac OS X or Server 10.9 through 10.9.4 and is prone to security bypass vulnerability. A flaw is present in the application, which fails to properly handle kernel addresses. Successful exploitation allows local users to obtain sensitive address information and bypass ... oval:org.secpod.oval:def:21239 The host is installed with Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted application. Successful exploitation allows attackers to execute arbitrary cod ... oval:org.secpod.oval:def:21237 The host is installed with Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted application. Successful exploitation allows attackers to execute arbitrary cod ... oval:org.secpod.oval:def:21238 The host is installed with Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted application. Successful exploitation allows attackers to execute arbitrary cod ... oval:org.secpod.oval:def:21236 The host is installed with Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 and is prone to buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted GLSL shader. Successful exploitation allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:21244 The host is installed with Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted application. 
Successful exploitation allows attackers to execute arbitrary cod ... oval:org.secpod.oval:def:21245 The host is installed with Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted application. Successful exploitation allows attackers to execute arbitrary cod ... oval:org.secpod.oval:def:21242 The host is installed with Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted application. Successful exploitation allows attackers to execute arbitrary cod ... oval:org.secpod.oval:def:21243 The host is installed with Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted application. Successful exploitation allows attackers to execute arbitrary cod ... oval:org.secpod.oval:def:21240 The host is installed with Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted application. Successful exploitation allows attackers to execute arbitrary cod ... oval:org.secpod.oval:def:21241 The host is installed with Apple Mac OS X or Server 10.8.5 or OS X 10.9 through 10.9.4 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted application. Successful exploitation allows attackers to execute arbitrary cod ... oval:org.secpod.oval:def:21232 The host is installed with Apple Mac OS X or Server 10.9 through 10.9.4 and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which does not properly validate API calls. 
Successful exploitation allows attackers to execute arbitrary code in a privileged context ... oval:org.secpod.oval:def:45908 The host is installed with Apple Mac OS X 10.13.4 or 10.12.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a locking issue. Successful exploitation allows attackers to execute arbitrary code with kernel privileges. oval:org.secpod.oval:def:48636 The host is installed with Apple Mac OS X 10.12.6 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a locking issue. Successful exploitation allows an attacker to execute arbitrary code with kernel privileges. oval:org.secpod.oval:def:17017 The host is installed with Apple Mac OS X 10.9 before 10.9.2 and is prone to SSL spoofing vulnerability. A flaw is present in the application, which fails to check the signature in a TLS Server Key Exchange message. Successful exploitation allows attackers to spoof SSL servers by using an arbitrary ... oval:org.secpod.oval:def:43639 The host is installed with Apple Mac OS 10.13.1 or 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory. oval:org.secpod.oval:def:48684 The host is installed with Apple Mac OS X through 10.12.6, 10.13.6 or 10.14 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted ... oval:org.secpod.oval:def:45898 The host is installed with Apple Mac OS 10.13.4, 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. 
Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory or ... oval:org.secpod.oval:def:17037 The host is missing a security update according to Apple advisory, APPLE-SA-2014-02-25-1. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors related to memory and crafted data. Successful exploitation allows attacke ... oval:org.secpod.oval:def:21262 The host is missing a security update according to Apple advisory, APPLE-SA-2014-09-17-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain objects and security vectors. Successful exploitation allows attackers to execute ... oval:org.secpod.oval:def:39718 The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-27-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...