APPLE-SA-2015-04-08-2

APPLE-SA-2015-04-08-3

73984

1032048

https://support.apple.com/HT204659

https://support.apple.com/HT204661

https://support.apple.com/kb/HT204870

The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected by multiple vulnerabilities in the following components :

 - Admin Framework
 - Apache
 - ATS
 - Certificate Trust Policy
 - CFNetwork HTTPProtocol
 - CFNetwork Session
 - CFURL
 - CoreAnimation
 - FontParser
 - Graphics Driver
 - Hypervisor
 - ImageIO
 - IOHIDFamily
 - Kernel
 - LaunchServices
 - libnetcore
 - ntp
 - Open Directory Client
 - OpenLDAP
 - OpenSSL
 - PHP
 - QuickLook
 - SceneKit
 - ScreenSharing
 - Security - Code SIgning
 - UniformTypeIdentifiers
 - WebKit

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The mobile device is running a version of iOS prior to version 8.3.
It is, therefore, affected by vulnerabilities in the following components :

  - AppleKeyStore
  - Audio Drivers
  - Backup
  - Certificate Trust Policy
  - CFNetwork
  - CFNetwork Session
  - CFURL
  - FontParser
  - Foundation
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOMobileFramebuffer
  - iWork Viewer
  - Kernel
  - Keyboards
  - libnetcore
  - Lock Screen
  - NetworkExtension
  - Podcasts
  - Safari
  - Sandbox Profiles
  - Telephony
  - UIKit View
  - WebKit

The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components :

  - Apache
  - ATS
  - Certificate Trust Policy
  - CoreAnimation
  - FontParser
  - Graphics Driver
  - ImageIO
  - IOHIDFamily
  - Kernel
  - LaunchServices
  - Open Directory Client
  - OpenLDAP
  - OpenSSL
  - PHP
  - QuickLook
  - SceneKit
  - Security - Code SIgning
  - UniformTypeIdentifiers

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components :

  - Admin Framework
  - Apache
  - ATS
  - Certificate Trust Policy
  - CFNetwork HTTPProtocol
  - CFNetwork Session
  - CFURL
  - CoreAnimation
  - FontParser
  - Graphics Driver
  - Hypervisor
  - ImageIO
  - IOHIDFamily
  - Kernel
  - LaunchServices
  - libnetcore
  - ntp
  - Open Directory Client
  - OpenLDAP
  - OpenSSL
  - PHP
  - QuickLook
  - SceneKit
  - ScreenSharing
  - Security - Code SIgning
  - UniformTypeIdentifiers
  - WebKit

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Severity
700510	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
82703	Apple iOS < 8.3 Multiple Vulnerabilities	Nessus	Mobile Devices	high
82700	Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)	Nessus	MacOS X Local Security Checks	critical
82699	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)	Nessus	MacOS X Local Security Checks	critical

CVE-2015-1093

MEDIUM

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

high

critical

critical