APPLE-SA-2015-08-13-2

APPLE-SA-2015-08-13-3

APPLE-SA-2015-12-08-1

APPLE-SA-2015-12-08-2

APPLE-SA-2015-12-08-3

76343

1033275

https://support.apple.com/HT205635

https://support.apple.com/HT205637

https://support.apple.com/HT205640

https://support.apple.com/kb/HT205030

https://support.apple.com/kb/HT205031

Versions of Apple TV earlier than 7.2.1 are unpatched for vulnerabilities in the following components :

 - bootp
 - CFPreferences
 - CloudKit
 - Code Signing
 - CoreMedia Playback
 - CoreText
 - DiskImages
 - FontParser
 - ImageIO
 - IOHIDFamily
 - IOKit
 - Kernel
 - Libc
 - Libinfo
 - libpthread
 - libxml2
 - libxpc
 - libxslt
 - Location Framework
 - Office Viewer
 - QL Office
 - Sandbox_profiles
 - WebKit

The remote host is running a version of Mac OS X version 10.11.x prior to 10.11.2 and is affected by multiple vulnerabilities in the following components :

 - apache_mod_php
 - AppSandbox
 - Bluetooth
 - CFNetwork HTTPProtocol
 - Compression
 - Configuration Profiles
 - CoreGraphics
 - CoreMedia Playback
 - Disk Images
 - EFI
 - File Bookmark
 - Hypervisor
 - iBooks
 - ImageIO
 - Intel Graphics Driver
 - IOAcceleratorFamily
 - IOHIDFamily
 - IOKit SCSI
 - IOThunderboltFamily
 - Kernel
 - kext tools
 - Keychain Access
 - libarchive
 - libc
 - libexpat
 - libxml2
 - OpenGL
 - OpenLDAP
 - OpenSSH
 - QuickLook
 - Sandbox
 - Security
 - System Integrity Protection

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of iOS that is prior to version 9.2 and the following components contain vulnerabilities :

 - AppleMobileFileIntegrity
 - AppSandbox
 - CFNetwork HTTPProtocol
 - Compression
 - CoreGraphics
 - CoreMedia Playback
 - dyld
 - GPUTools Framework
 - iBooks
 - ImageIO
 - IOHIDFamily
 - IOKit SCSI
 - Kernel
 - LaunchServices
 - libarchive
 - libc
 - libxml2
 - MobileStorageMounter
 - OpenGL
 - Photos
 - QuickLook
 - Safari
 - Sandbox
 - Security
 - Siri
 - WebKit

According to its banner, the remote Apple TV device is a version prior to 7.2.1. It is, therefore, affected by multiple vulnerabilities in the following components :

  - bootp
  - CFPreferences
  - CloudKit
  - Code Signing
  - CoreMedia Playback
  - CoreText
  - DiskImages
  - FontParser
  - ImageIO
  - IOHIDFamily
  - IOKit
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - libxslt
  - Location Framework
  - Office Viewer
  - QL Office
  - Sandbox_profiles
  - WebKit

The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-005 or 2015-008. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php
  - AppSandbox
  - Bluetooth
  - CFNetwork HTTPProtocol
  - Compression
  - Configuration Profiles
  - CoreGraphics
  - CoreMedia Playback
  - Disk Images
  - EFI
  - File Bookmark
  - Hypervisor
  - iBooks
  - ImageIO
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit SCSI
  - IOThunderboltFamily
  - Kernel
  - kext tools
  - Keychain Access
  - libarchive
  - libc
  - libexpat
  - libxml2
  - OpenGL
  - OpenLDAP
  - OpenSSH
  - QuickLook
  - Sandbox
  - Security
  - System Integrity Protection

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php
  - AppSandbox
  - Bluetooth
  - CFNetwork HTTPProtocol
  - Compression
  - Configuration Profiles
  - CoreGraphics
  - CoreMedia Playback
  - Disk Images
  - EFI
  - File Bookmark
  - Hypervisor
  - iBooks
  - ImageIO
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit SCSI
  - IOThunderboltFamily
  - Kernel
  - kext tools
  - Keychain Access
  - libarchive
  - libc
  - libexpat
  - libxml2
  - OpenGL
  - OpenLDAP
  - OpenSSH
  - QuickLook
  - Sandbox
  - Security
  - System Integrity Protection

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The mobile device is running a version of iOS prior to version 9.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - AppleMobileFileIntegrity
  - AppSandbox
  - CFNetwork HTTPProtocol
  - Compression
  - CoreGraphics
  - CoreMedia Playback
  - dyld
  - GPUTools Framework
  - iBooks
  - ImageIO
  - IOHIDFamily
  - IOKit SCSI
  - Kernel
  - LaunchServices
  - libarchive
  - libc
  - libxml2
  - MobileStorageMounter
  - OpenGL
  - Photos
  - QuickLook
  - Safari
  - Sandbox
  - Security
  - Siri
  - WebKit

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.5. The installed version is affected by multiple vulnerabilities in the following components :

 - apache (CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185)
 - apache_mod_php (CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148)
 - Apple ID OD Plug-in (CVE-2015-3799)
 - AppleGraphicsControl (CVE-2015-5768)
 - Bluetooth (CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3786, CVE-2015-3787)
 - bootp (CVE-2015-3778)
 - CloudKit (CVE-2015-3782)
 - CoreMedia Playback (CVE-2015-5777, CVE-2015-5778)
 - CoreText (CVE-2015-5761, CVE-2015-5755)
 - curl (CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150, CVE-2014-8151, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153)
 - Data Detectors Engine (CVE-2015-5750)
 - Date & Time pref pane (CVE-2015-3757)
 - Dictionary Application (CVE-2015-3774)
 - DiskImages (CVE-2015-3800)
 - dyld (CVE-2015-3760)
 - FontParser (CVE-2015-3804, CVE-2015-5775, CVE-2015-5756)
 - groff (CVE-2009-5044, CVE-2009-5078)
 - ImageIO (CVE-2015-5758, CVE-2015-5781, CVE-2015-5782)
 - Install Framework Legacy (CVE-2015-5784, CVE-2015-5754)
 - IOFireWireFamily (CVE-2015-3769, CVE-2015-3771, CVE-2015-3772)
 - IOGraphics (CVE-2015-3770, CVE-2015-5783)
 - IOHIDFamily (CVE-2015-5774)
 - Kernel (CVE-2015-3766, CVE-2015-3768, CVE-2015-5747, CVE-2015-5748, CVE-2015-3806, CVE-2015-3803, CVE-2015-3802, CVE-2015-3805, CVE-2015-3776, CVE-2015-3761)
 - Libc (CVE-2015-3796, CVE-2015-3797, CVE-2015-3798)
 - Libinfo (CVE-2015-5776)
 - libpthread (CVE-2015-5757)
 - libxml2 (CVE-2014-0191, CVE-2014-3660, CVE-2015-3807)
 - libxpc (CVE-2015-3795)
 - mail_cmds (CVE-2014-7844)
 - Notification Center OSX (CVE-2015-3764)
 - ntfs (CVE-2015-5763)
 - OpenSSH (CVE-2015-5600)
 - OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
 - perl (CVE-2013-7422)
 - PostgreSQL (CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244)
 - python (CVE-2013-7040, CVE-2013-7338, CVE-2014-1912, CVE-2014-7185, CVE-2014-9365)
 - QL Office (CVE-2015-5773, CVE-2015-3784)
 - Quartz Composer Framework (CVE-2015-5771)
 - Quick Look (CVE-2015-3781)
 - QuickTime 7 (CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751)
 - SceneKit (CVE-2015-5772, CVE-2015-3783)
 - Security (CVE-2015-3775)
 - SMBClient (CVE-2015-3773)
 - Speech UI (CVE-2015-3794)
 - sudo (CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2014-0106, CVE-2014-9680)
 - tcpdump (CVE-2014-8767, CVE-2014-8769, CVE-2014-9140)
 - Text Formats (CVE-2015-3762)
 - udf (CVE-2015-3767)

 Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of iOS that is prior to version 8.4.1 and the following components contain vulnerabilities :

 - Air Traffic 
 - AppleFileConduit 
 - Backup 
 - bootp 
 - CFPreferences 
 - Certificate UI 
 - CloudKit 
 - Code Signing 
 - CoreMedia Playback 
 - CoreText 
 - DiskImages 
 - FontParser 
 - IOHIDFamily 
 - IOKit 
 - ImageIO 
 - Kernel 
 - Libc 
 - Libinfo 
 - libpthread 
 - libxml2 
 - libxpc 
 - Location Framework 
 - MSVDX Driver 
 - MobileInstallation 
 - Office Viewer 
 - QL Office 
 - Safari 
 - Sandbox_profiles 
 - UIKit WebView 
 - Web 
 - WebKit

The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-006. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - apache_mod_php
  - CoreText
  - FontParser
  - Libinfo
  - libxml2
  - OpenSSL
  - perl
  - PostgreSQL
  - QL Office
  - Quartz Composer Framework
  - QuickTime 7
  - SceneKit

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - apache_mod_php
  - Apple ID OD Plug-in
  - AppleGraphicsControl
  - Bluetooth
  - bootp
  - CloudKit
  - CoreMedia Playback
  - CoreText
  - curl
  - Data Detectors Engine
  - Date & Time pref pane
  - Dictionary Application
  - DiskImages
  - dyld
  - FontParser
  - groff
  - ImageIO
  - Install Framework Legacy
  - IOFireWireFamily
  - IOGraphics
  - IOHIDFamily
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - mail_cmds
  - Notification Center OSX
  - ntfs
  - OpenSSH
  - OpenSSL
  - perl
  - PostgreSQL
  - python
  - QL Office
  - Quartz Composer Framework
  - Quick Look
  - QuickTime 7
  - SceneKit
  - Security
  - SMBClient
  - Speech UI
  - sudo
  - tcpdump
  - Text Formats
  - udf 

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The mobile device is running a version of iOS prior to version 8.4.1.
It is, therefore, affected by vulnerabilities in the following components :

  - Air Traffic
  - AppleFileConduit
  - Backup
  - bootp
  - CFPreferences
  - Certificate UI
  - CloudKit
  - Code Signing
  - CoreMedia Playback
  - CoreText
  - DiskImages
  - FontParser
  - IOHIDFamily
  - IOKit
  - ImageIO
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - Location Framework
  - MSVDX Driver
  - MobileInstallation
  - Office Viewer
  - QL Office
  - Safari
  - Sandbox_profiles
  - UIKit WebView
  - Web
  - WebKit

ID	Name	Product	Family	Severity
9333	Apple TV < 7.2.1 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	medium
9325	Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
9329	Apple iOS < 9.2 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
90315	Apple TV < 7.2.1 Multiple Vulnerabilities	Nessus	Misc.	critical
87321	Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)	Nessus	MacOS X Local Security Checks	critical
87314	Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
87310	Apple iOS < 9.2 Multiple Vulnerabilities	Nessus	Mobile Devices	high
8981	Mac OS X < 10.10.5 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
8978	Apple iOS < 8.4.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	critical
85409	Mac OS X Multiple Vulnerabilities (Security Update 2015-006)	Nessus	MacOS X Local Security Checks	high
85408	Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
85407	Apple iOS < 8.4.1 Multiple Vulnerabilities	Nessus	Mobile Devices	critical

CVE-2015-3807

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins