APPLE-SA-2015-04-08-2

73982

1032048

https://support.apple.com/HT204659

The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected by multiple vulnerabilities in the following components :

 - Admin Framework
 - Apache
 - ATS
 - Certificate Trust Policy
 - CFNetwork HTTPProtocol
 - CFNetwork Session
 - CFURL
 - CoreAnimation
 - FontParser
 - Graphics Driver
 - Hypervisor
 - ImageIO
 - IOHIDFamily
 - Kernel
 - LaunchServices
 - libnetcore
 - ntp
 - Open Directory Client
 - OpenLDAP
 - OpenSSL
 - PHP
 - QuickLook
 - SceneKit
 - ScreenSharing
 - Security - Code SIgning
 - UniformTypeIdentifiers
 - WebKit

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-004. It is, therefore, affected multiple vulnerabilities in the following components :

  - Apache
  - ATS
  - Certificate Trust Policy
  - CoreAnimation
  - FontParser
  - Graphics Driver
  - ImageIO
  - IOHIDFamily
  - Kernel
  - LaunchServices
  - Open Directory Client
  - OpenLDAP
  - OpenSSL
  - PHP
  - QuickLook
  - SceneKit
  - Security - Code SIgning
  - UniformTypeIdentifiers

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.3. It is, therefore, affected multiple vulnerabilities in the following components :

  - Admin Framework
  - Apache
  - ATS
  - Certificate Trust Policy
  - CFNetwork HTTPProtocol
  - CFNetwork Session
  - CFURL
  - CoreAnimation
  - FontParser
  - Graphics Driver
  - Hypervisor
  - ImageIO
  - IOHIDFamily
  - Kernel
  - LaunchServices
  - libnetcore
  - ntp
  - Open Directory Client
  - OpenLDAP
  - OpenSSL
  - PHP
  - QuickLook
  - SceneKit
  - ScreenSharing
  - Security - Code SIgning
  - UniformTypeIdentifiers
  - WebKit

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Severity
700510	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
82700	Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)	Nessus	MacOS X Local Security Checks	critical
82699	Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)	Nessus	MacOS X Local Security Checks	critical

CVE-2015-1146

low

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical