APPLE-SA-2015-01-27-4

http://support.apple.com/HT204244

1031650

macosx-cve20148838-sec-bypass(100525)

The remote host is running a version of Mac OS X 10.8 or 10.9 that does not have Security Update 2015-001 applied. This update contains several security-related fixes for the following components :

  - AFP Server
  - Bluetooth
  - CoreGraphics
  - CoreSymbolication
  - FontParser
  - Foundation
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - Kernel
  - LaunchServices
  - libnetcore
  - LoginWindow
  - lukemftp
  - OpenSSL
  - Sandbox
  - SceneKit
  - Security
  - security_taskgate
  - Spotlight
  - sysmond

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.2. This update contains several security-related fixes for the following components :

  - bash
  - Bluetooth
  - CFNetwork Cache
  - CommerceKit Framework
  - CoreGraphics
  - CoreSymbolication
  - CPU Software
  - FontParser
  - Foundation
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - IOUSBFamily
  - Kernel
  - LaunchServices
  - libnetcore
  - LoginWindow
  - lukemftp
  - OpenSSL
  - Safari
  - SceneKit
  - Security
  - security_taskgate
  - Spotlight
  - SpotlightIndex
  - sysmond
  - UserAccountUpdater

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Severity
81088	Mac OS X Multiple Vulnerabilities (Security Update 2015-001) (POODLE)	Nessus	MacOS X Local Security Checks	critical
81087	Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)	Nessus	MacOS X Local Security Checks	critical

CVE-2014-8838

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical