Detected Vulnerabilities CVE-2019-9948 CVE-2019-9636
Acronis True Image 2021 includes a Vulnerability Scanner. Scan results are reporting the critical need to update Python 2.7.16 due to CVE-2019-9948 CVE-2019-9636 however from initial research, Python 2.7.16 is part of the macOS Big Sur and any attempt of removing will cripple the OS. I have also installed Python 3.9.2. Apple tech support claims Python is NOT part of the OS and safe to uninstall. Looking for clarification.
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
David Johnson, CD
upgrade your python and remove versions < 2.8
Mostly affected OS fedora, debian, redhat, opensuse, ubuntu. Otherwise it is dependent on the s/w that uses python libraries.For OSX, as advised by expert just maintain the patch regime and same goes for other software used. If you installed python separately, you should upgrade as well.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
Python 2.7 may be included in OS X, but it's not a part of the OS. You can remove it.
ASKER
Acronis support said same think, just disable the vulnerability scanner and ignore the critical CVE references. Sure doesn't seem appropriate but since Apple support claims Python is not part of the macOS but it will potentially cripple the OS if removed and may require reinstall of the OS, removing or disabling seems like a bad idea. Leaves me stuck between rock and hard place.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Vulnerabilities
A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.
8K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
