APPLE-SA-2015-09-16-1

APPLE-SA-2015-09-30-3

76764

1033609

https://support.apple.com/HT205212

https://support.apple.com/HT205267

The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11 and is affected by multiple vulnerabilities in the following components : 

 - Address Book 
 - AirScan 
 - apache_mod_php 
 - Apple Online Store Kit 
 - AppleEvents 
 - Audio 
 - bash 
 - Certificate Trust Policy 
 - CFNetwork Cookies - CFNetwork FTPProtocol 
 - CFNetwork HTTPProtocol 
 - CFNetwork Proxies 
 - CFNetwork SSL 
 - CoreCrypto 
 - CoreText 
 - Dev Tools 
 - Disk Images 
 - dyld 
 - EFI 
 - Finder 
 - Game Center 
 - Heimdal 
 - ICU 
 - Install Framework Legacy 
 - Intel Graphics Driver 
 - IOAudioFamily 
 - IOGraphics 
 - IOHIDFamily 
 - IOStorageFamily 
 - Kernel 
 - libc 
 - libpthread 
 - libxpc 
 - Login Window 
 - lukemftpd 
 - Mail 
 - Multipeer Connectivity 
 - NetworkExtension 
 - Notes 
 - OpenSSH 
 - OpenSSL 
 - procmail 
 - remote_cmds 
 - removefile 
 - Ruby 
 - Safari 
 - Safari Downloads 
 - Safari Extensions 
 - Safari Safe Browsing 
 - Security 
 - SMB 
 - SQLite 
 - Telephony 
 - Terminal 
 - tidy 
 - Time Machine 
 - WebKit 
 - WebKit CSS 
 - WebKit JavaScript Bindings 
 - WebKit Page Loading 
 - WebKit Plug-ins

The remote host is running a version of iOS that is prior to version 9.0 and the following components contain vulnerabilities :

 - Apple Pay 
 - AppleKeyStore 
 - Application Store 
 - Audio 
 - Certificate Trust Policy 
 - CFNetwork 
 - CFNetwork Cookies 
 - CFNetwork FTPProtocol 
 - CFNetwork Proxies 
 - CFNetwork SSL 
 - CoreAnimation 
 - CoreCrypto 
 - CoreText 
 - Data Detectors Engine 
 - Dev Tools 
 - Disk Images 
 - dyld 
 - Game Center 
 - ICU 
 - IOAcceleratorFamily 
 - IOHIDFamily 
 - IOKit 
 - IOMobileFrameBuffer 
 - IOStorageFamily 
 - iTunes Store 
 - JavaScriptCore 
 - Kernel 
 - libc 
 - libpthread 
 - Mail 
 - Multipeer Connectivity 
 - NetworkExtension 
 - OpenSSL 
 - PluginKit 
 - removefile 
 - Safari 
 - Safari Safe Browsing 
 - Security 
 - Siri 
 - SpringBoard 
 - SQLite 
 - tidy 
 - WebKit 
 - WebKit Canvas 
 - WebKit Page Loading

The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11. It is, therefore, affected by multiple vulnerabilities in the following components :

  - Address Book
  - AirScan
  - apache_mod_php
  - Apple Online Store Kit
  - AppleEvents
  - Audio
  - bash
  - Certificate Trust Policy
  - CFNetwork Cookies
  - CFNetwork FTPProtocol
  - CFNetwork HTTPProtocol
  - CFNetwork Proxies
  - CFNetwork SSL
  - CoreCrypto
  - CoreText
  - Dev Tools
  - Disk Images
  - dyld
  - EFI
  - Finder
  - Game Center
  - Heimdal
  - ICU
  - Install Framework Legacy
  - Intel Graphics Driver
  - IOAudioFamily
  - IOGraphics
  - IOHIDFamily
  - IOStorageFamily
  - Kernel
  - libc
  - libpthread
  - libxpc
  - Login Window
  - lukemftpd
  - Mail
  - Multipeer Connectivity
  - NetworkExtension
  - Notes
  - OpenSSH
  - OpenSSL
  - procmail
  - remote_cmds
  - removefile
  - Ruby
  - Safari
  - Safari Downloads
  - Safari Extensions
  - Safari Safe Browsing
  - Security
  - SMB
  - SQLite
  - Telephony
  - Terminal
  - tidy
  - Time Machine
  - WebKit
  - WebKit CSS
  - WebKit JavaScript Bindings
  - WebKit Page Loading
  - WebKit Plug-ins

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The mobile device is running a version of iOS prior to version 9.0. It is, therefore, affected by vulnerabilities in the following components :

  - Apple Pay
  - AppleKeyStore
  - Application Store
  - Audio
  - Certificate Trust Policy
  - CFNetwork
  - CFNetwork Cookies
  - CFNetwork FTPProtocol
  - CFNetwork Proxies
  - CFNetwork SSL
  - CommonCrypto 
  - CoreAnimation
  - CoreCrypto
  - CoreText
  - Data Detectors Engine
  - Dev Tools
  - Disk Images
  - dyld
  - Game Center
  - ICU
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - IOMobileFrameBuffer
  - IOStorageFamily
  - iTunes Store
  - JavaScriptCore
  - Kernel
  - libc
  - libpthread
  - Mail
  - Multipeer Connectivity
  - NetworkExtension
  - OpenSSL
  - PluginKit
  - removefile
  - Safari
  - Safari Safe Browsing
  - Security
  - Siri
  - SpringBoard
  - SQLite
  - tidy
  - WebKit
  - WebKit Canvas
  - WebKit Page Loading

ID	Name	Product	Family	Severity
8982	Mac OS X < 10.11 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
8979	Apple iOS < 9.0 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
86270	Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)	Nessus	MacOS X Local Security Checks	critical
85987	Apple iOS < 9.0 Multiple Vulnerabilities	Nessus	Mobile Devices	critical

CVE-2015-5858

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins