APPLE-SA-2014-09-17-1

APPLE-SA-2014-09-17-2

APPLE-SA-2014-10-16-1

http://support.apple.com/kb/HT6441

http://support.apple.com/kb/HT6442

69882

69911

1030866

appleios-cve20144422-sec-bypass(96096)

https://support.apple.com/kb/HT6535

The remote host is running a version of Mac OS X is prior to version 10.10. This update contains several security-related fixes for the following components :

  - 802.1X
  - AFP File Server
  - apache
  - App Sandbox
  - Bash
  - Bluetooth
  - Certificate Trust Policy
  - CFPreferences
  - CoreStorage
  - CUPS
  - Dock
  - fdesetup
  - iCloud Find My Mac
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - LaunchServices
  - LoginWindow
  - Mail
  - MCX Desktop Config Profiles
  - NetFS Client Framework
  - QuickTime
  - Safari
  - Secure Transport
  - Security
  - Security - Code Signing

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

According to its banner, the remote Apple TV device is a version prior to 7. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in arbitrary code execution.

The following components contain vulnerabilities that have since been patched in version 7.0:

  - 802.1X
  - Accounts
  - Accessibility
  - Accounts Framework
  - Address Book
  - App Installation
  - Assets
  - Bluetooth
  - CoreGraphics
  - Foundation
  - Home & Lock Screen
  - iMessage
  - IOAcceleratorFamily
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libnotify
  - Mail
  - Profiles
  - Safari
  - Sandbox Profiles
  - syslog
  - WebKit

The mobile device is running a version of iOS prior to version 8. It is, therefore, affected by vulnerabilities in the following components :

  - 802.1X
  - Accessibility
  - Accounts
  - Accounts Framework
  - Address Book
  - App Installation
  - Assets
  - Bluetooth
  - Certificate Trust Policy
  - CoreGraphics
  - Data Detectors
  - Foundation
  - Home and Lock Screen
  - iMessage
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libnotify
  - Lockdown
  - Lockdown
  - Mail
  - Profiles
  - Safari
  - Sandbox Profiles
  - Settings
  - syslog
  - Weather
  - WebKit
  - Wifi

According to its banner, the remote iOS device is missing a security update.  Versions of Apple iOS prior to 8.0 are affected by vulnerabilities within the following components :

  - 802.1X
  - Accessibility
  - Accounts Framework
  - Accounts
  - Address Book
  - App Installation
  - Assets
  - Bluetooth
  - Certificate Trust Policy
  - CoreGraphics
  - Data Detectors
  - Foundation
  - Home & Lock Screen
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libnotify
  - Lockdown
  - Mail
  - Profiles
  - Safari
  - Sandbox Profiles
  - Settings
  - Weather
  - WebKit
  - WiFi
  - iMessage
  - syslog

ID	Name	Product	Family	Severity
78550	Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)	Nessus	MacOS X Local Security Checks	critical
77822	Apple TV < 7 Multiple Vulnerabilities	Nessus	Misc.	high
8392	Apple TV < 7 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	critical
77745	Apple iOS < 8 Multiple Vulnerabilities	Nessus	Mobile Devices	high
8393	Apple iOS < 8.0 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high

CVE-2014-4422

HIGH

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

high

critical

high

high