APPLE-SA-2015-01-27-4

http://support.apple.com/HT204244

1031650

macosx-cve20148828-sec-bypass(100522)

The remote host is running a version of Mac OS X 10.9.x that is prior to version 10.9.6.  Mac OS X 10.9.6 contains the following security-related fixes :

  - The CoreGraphics component is vulnerable to an unspecified vulnerability which could allow remote attackers to execute arbitrary code. (CVE-2014-8816)
 - The IOBluetoothFamily component does not properly parse integer 'signedness' which can lead to a buffer overflow within the Bluetooth implementation. (CVE-2014-4497)
 - The Sandbox does not properly sanitize user data which may allow a remote attacker to overwrite data. (CVE-2014-8828)

The remote host is running a version of Mac OS X 10.8 or 10.9 that does not have Security Update 2015-001 applied. This update contains several security-related fixes for the following components :

  - AFP Server
  - Bluetooth
  - CoreGraphics
  - CoreSymbolication
  - FontParser
  - Foundation
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - Kernel
  - LaunchServices
  - libnetcore
  - LoginWindow
  - lukemftp
  - OpenSSL
  - Sandbox
  - SceneKit
  - Security
  - security_taskgate
  - Spotlight
  - sysmond

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Severity
8645	Mac OS X < 10.9.6 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
81088	Mac OS X Multiple Vulnerabilities (Security Update 2015-001) (POODLE)	Nessus	MacOS X Local Security Checks	critical

CVE-2014-8828

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical