Detections
Analytics

Mac OS X Multiple Vulnerabilities (Security Update 2014-004)

critical Nessus Plugin ID 77749

Language:

Synopsis

The remote host is missing a Mac OS X update that fixes multiple security issues.

Description

The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-004 applied. This update contains several security-related fixes for the following components :

 - CoreGraphics
 - Intel Graphics Driver
 - IOAcceleratorFamily
 - IOHIDFamily
 - IOKit
 - Libnotify
 - OpenSSL
 - QT Media Foundation

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Solution

Install Security Update 2014-004 or later.

See Also

https://support.apple.com/en-us/HT204532

http://osdir.com/ml/general/2014-09/msg34124.html

Plugin Details

Severity: Critical

ID: 77749

File Name: macosx_SecUpd2014-004.nasl

Version: 1.11

Type: local

Agent: macosx

Published: 9/18/2014

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, Host/MacOSX/packages/boms

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/18/2014

Vulnerability Publication Date: 2/24/2014

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-1391, CVE-2014-3470, CVE-2014-4350, CVE-2014-4376, CVE-2014-4379, CVE-2014-4381, CVE-2014-4388, CVE-2014-4389, CVE-2014-4393, CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, CVE-2014-4416, CVE-2014-4979

BID: 66363, 67898, 67899, 67900, 67901, 68852, 69888, 69891, 69892, 69893, 69894, 69895, 69896, 69897, 69898, 69906, 69907, 69908, 69916, 69921, 69931, 69948, 69950

APPLE-SA: APPLE-SA-2014-09-17-3