http://support.apple.com/kb/HT6150

The remote host is running a version of Mac OS X that is older than 10.9.2. The newer version contains numerous security-related fixes for the following components :

  - Apache

  - ATS

  - Certificate Trust Policy

  - CoreAnimation

  - CoreText

  - curl

  - Data Security

  - Date and Time

  - File Bookmark

  - Finder

  - ImageIO

  - NVIDIA Drivers

  - PHP

  - QuickLook

  - QuickTime

An attacker could leverage the most serious of these issues to execute arbitrary code.

The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components :

  - Apache
  - App Sandbox
  - ATS
  - Certificate Trust Policy
  - CFNetwork Cookies
  - CoreAnimation
  - Date and Time
  - File Bookmark
  - ImageIO
  - IOSerialFamily
  - LaunchServices
  - NVIDIA Drivers
  - PHP
  - QuickLook
  - QuickTime
  - Secure Transport

Note that successful exploitation of the most serious issues could result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.2. This update contains several security-related fixes for the following components :

  - Apache
  - ATS
  - Certificate Trust Policy
  - CoreAnimation
  - CoreText
  - curl
  - Data Security
  - Date and Time
  - File Bookmark
  - Finder
  - ImageIO
  - NVIDIA Drivers
  - PHP
  - QuickLook
  - QuickTime

Note that successful exploitation of the most serious issues could result in arbitrary code execution.

ID	Name	Product	Family	Severity
8138	Mac OS X < 10.9.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
72688	Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)	Nessus	MacOS X Local Security Checks	critical
72687	Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical

CVE-2014-1256

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical