CCE-91784-9Platform: cpe:/o:apple:mac_os_x:10.13 | Date: (C)2018-02-22 (M)2023-07-04 |
Disable Automatic Actions for Picture CDs
Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for picture CDs mitigates this risk.
Parameter:
[yes/no]
Technical Mechanism:
To check if the system has the correct setting for picture CDs open up System Preferences, CDs & DVDs. The setting for 'When you insert a picture CD' should be set to 'Ignore', if it is not, this is a finding.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.4 | Attack Vector: LOCAL |
Exploit Score: 2.5 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:44319 |