APPLE-SA-2014-09-17-1

http://support.apple.com/kb/HT6441

http://support.apple.com/kb/HT6443

69882

69905

1030866

appleios-cve20144374-info-disc(96077)

The remote host is running a version of Mac OS X that is older than 10.9.5, and is thus missing security-related fixes for the following components:

  - Bluetooth
  - CoreGraphics
  - Foundation
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Intel Graphics Driver
  - Kernel
  - Libnotify
  - OpenSSL
  - QT Media Foundation
  - apache_mod_php
  - ruby

Note that successful exploitation of the most serious issues could result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.9.x that is prior to version 10.9.5. This update contains several security-related fixes for the following components :

  - apache_mod_php
  - Bluetooth
  - CoreGraphics
  - Foundation
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libnotify
  - OpenSSL
  - QT Media Foundation
  - ruby

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The mobile device is running a version of iOS prior to version 8. It is, therefore, affected by vulnerabilities in the following components :

  - 802.1X
  - Accessibility
  - Accounts
  - Accounts Framework
  - Address Book
  - App Installation
  - Assets
  - Bluetooth
  - Certificate Trust Policy
  - CoreGraphics
  - Data Detectors
  - Foundation
  - Home and Lock Screen
  - iMessage
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libnotify
  - Lockdown
  - Lockdown
  - Mail
  - Profiles
  - Safari
  - Sandbox Profiles
  - Settings
  - syslog
  - Weather
  - WebKit
  - Wifi

According to its banner, the remote iOS device is missing a security update.  Versions of Apple iOS prior to 8.0 are affected by vulnerabilities within the following components :

  - 802.1X
  - Accessibility
  - Accounts Framework
  - Accounts
  - Address Book
  - App Installation
  - Assets
  - Bluetooth
  - Certificate Trust Policy
  - CoreGraphics
  - Data Detectors
  - Foundation
  - Home & Lock Screen
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libnotify
  - Lockdown
  - Mail
  - Profiles
  - Safari
  - Sandbox Profiles
  - Settings
  - Weather
  - WebKit
  - WiFi
  - iMessage
  - syslog

ID	Name	Product	Family	Severity
8394	Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004)	Nessus Network Monitor	Web Clients	critical
77748	Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
77745	Apple iOS < 8 Multiple Vulnerabilities	Nessus	Mobile Devices	high
8393	Apple iOS < 8.0 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high

CVE-2014-4374

MEDIUM

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

critical

high

high