Cisco Discloses Details of macOS SMB Vulnerabilities

Cisco’s Talos threat intelligence and research unit on Wednesday disclosed the details of several SMB-related vulnerabilities patched recently by Apple in its macOS operating system.

SMB, which stands for Server Message Block, is a protocol for sharing files, printers, and serial ports. Apple’s own SMB stack is called SMBX.

Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them. One of the security holes was fixed silently by Apple, one was addressed in April, and the rest were patched in May with the release of macOS Big Sur 11.4.

The vulnerabilities are mitigated by the fact that their exploitation requires authentication, but Talos warned that “they are readily exploitable in environments with advanced authentication mechanisms.”

An attacker can exploit the vulnerabilities by sending specially crafted packets to the targeted server.

Three of the flaws have been assigned a severity rating of high and the rest have been classified as medium severity.

Of the high-severity issues, two could allow arbitrary code execution on the targeted server or denial-of-service (DoS) attacks. The third high-severity vulnerability can lead to information disclosure, DoS, or a cryptographic check bypass.

“SmbX is a proprietary implementation of a protocol that has led to some well-known vulnerabilities. This makes it a very interesting target, especially with the growing presence of macOS machines in today’s network environments,” Talos researcher Aleksandar Nikolich, who has been credited by Apple for reporting these vulnerabilities, wrote in a blog post.

Related: SMBGhost Vulnerability Allows Privilege Escalation on Windows Systems

Related: Microsoft Working on Patches for Wormable SMB Vulnerability

Related: ‘SMBleed’ Vulnerability Impacts Windows SMB Protocol