vulnerability

OS X update for autofs (CVE-2019-8656)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 23, 2019	Jul 23, 2019	Nov 6, 2020

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 23, 2019

Added

Jul 23, 2019

Modified

Nov 6, 2020

Description

This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper.

Solutions

apple-osx-security-update-2019-004-high-sierraapple-osx-upgrade-10_14_6

References

CVE-2019-8656
https://attackerkb.com/topics/CVE-2019-8656
URL-https://support.apple.com/kb/HT210348

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today