APPLE-SA-2014-10-16-1

APPLE-SA-2015-01-27-4

http://support.apple.com/HT204244

70623

1031063

macosx-cve20144426-info-disc(97643)

https://support.apple.com/kb/HT6535

The remote host is running a version of Mac OS X 10.8 or 10.9 that does not have Security Update 2015-001 applied. This update contains several security-related fixes for the following components :

  - AFP Server
  - Bluetooth
  - CoreGraphics
  - CoreSymbolication
  - FontParser
  - Foundation
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - Kernel
  - LaunchServices
  - libnetcore
  - LoginWindow
  - lukemftp
  - OpenSSL
  - Sandbox
  - SceneKit
  - Security
  - security_taskgate
  - Spotlight
  - sysmond

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The AFP File Server in Apple OS X prior to version 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.

Apple OS X 10.10 (Yosemite) contains fixes for the following components: 
  - 802.1X
  - AFP File Server
  - App Sandbox
  - Bash
  - Bluetooth
  - CFPreferences
  - CUPS
  - Certificate Trust Policy
  - CoreStorage
  - Dock
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - LaunchServices
  - LoginWindow
  - MCX Desktop Config Profiles
  - Mail
  - NetFS Client Framework
  - QuickTime
  - Safari
  - Secure Transport
  - Code Signing
  - Security
  - apache
  - fdesetup
  - iCloud Find My Mac

The remote host is running a version of Mac OS X is prior to version 10.10. This update contains several security-related fixes for the following components :

  - 802.1X
  - AFP File Server
  - apache
  - App Sandbox
  - Bash
  - Bluetooth
  - Certificate Trust Policy
  - CFPreferences
  - CoreStorage
  - CUPS
  - Dock
  - fdesetup
  - iCloud Find My Mac
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - Kernel
  - LaunchServices
  - LoginWindow
  - Mail
  - MCX Desktop Config Profiles
  - NetFS Client Framework
  - QuickTime
  - Safari
  - Secure Transport
  - Security
  - Security - Code Signing

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Severity
81088	Mac OS X Multiple Vulnerabilities (Security Update 2015-001) (POODLE)	Nessus	MacOS X Local Security Checks	critical
79419	AFP Server Network Interface Enumeration	Nessus	Misc.	medium
8555	Mac OS X < 10.10 Multiple Vulnerabilities (APPLE-SA-2014-10-16-1 OS X Yosemite v10.10)	Nessus Network Monitor	Web Clients	critical
78550	Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)	Nessus	MacOS X Local Security Checks	critical

CVE-2014-4426

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

medium

critical

critical