APPLE-SA-2015-10-21-1

APPLE-SA-2015-10-21-4

77263

1033929

https://support.apple.com/HT205370

https://support.apple.com/HT205375

The remote host is running a version of Mac OS X version 10.11.x prior to 10.11.1 and is affected by multiple vulnerabilities in the following components :

 - Accelerate Framework (CVE-2015-5940)
 - apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838)
 - ATS (CVE-2015-6985)
 - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003)
 - Bom (CVE-2015-7006)
 - CFNetwork (CVE-2015-7023)
 - configd (CVE-2015-7015)
 - CoreGraphics (CVE-2015-5925, CVE-2015-5926)
 - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017)
 - Directory Utility (CVE-2015-6980)
 - Disk Images (CVE-2015-6995)
 - EFI (CVE-2015-7035)
 - File Bookmark (CVE-2015-6987)
 - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)
 - Grand Central Dispatch (CVE-2015-6989)
 - Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021)
 - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939)
 - IOAcceleratorFamily (CVE-2015-6996)
 - IOHIDFamily (CVE-2015-6974)
 - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994)
 - libarchive (CVE-2015-6984)
 - MCX Application Restrictions (CVE-2015-7016)
 - Net-SNMP (CVE-2014-3565, CVE-2012-6151)
 - OpenGL (CVE-2015-5924)
 - OpenSSH (CVE-2015-6563)
 - Sandbox (CVE-2015-5945)
 - Script Editor (CVE-2015-7007)
 - Security (CVE-2015-6983, CVE-2015-7024)
 - SecurityAgent (CVE-2015-5943)

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of iOS that is prior to version 9.1 and the following components contain vulnerabilities :

 - Accelerate Framework (CVE-2015-5940)
 - Bom CVE-2015-7006)
 - CFNetwork (CVE-2015-7023)
 - configd (CVE-2015-7015)
 - CoreGraphics (CVE-2015-5925, CVE-2015-5926)
 - CoreText (CVE-2015-6975, CVE-2015-6992, CVE-2015-7017)
 - Disk Images (CVE-2015-6995)
 - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)
 - GasGauge (CVE-2015-6979)
 - Grand Central Dispatch (CVE-2015-6989)
 - Graphics Driver (CVE-2015-6986)
 - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5939)
 - IOAcceleratorFamily (CVE-2015-6996)
 - IOHIDFamily (CVE-2015-6974)
 - Kernel (CVE-2015-7004, CVE-2015-6988, CVE-2015-6994)
 - Notification Center (CVE-2015-7000)
 - OpenGL (CVE-2015-5924)
 - Security (CVE-2015-6983, CVE-2015-6999, CVE-2015-6997)
 - Telephony (CVE-2015-7022)
 - WebKit (CVE-2015-5928, CVE-2015-5929, CVE-2015-5930, CVE-2015-6981, CVE-2015-6982, CVE-2015-7002, CVE-2015-7005, CVE-2015-7012, CVE-2015-7014)

The remote host is running a version of Mac OS X that is 10.9.5 or later but prior to 10.11.1 It is, therefore, affected by multiple vulnerabilities in the following components :

  - Accelerate Framework (CVE-2015-5940)

  - apache_mod_php (CVE-2015-0235, CVE-2015-0273,     CVE-2015-6834, CVE-2015-6835, CVE-2015-6836,     CVE-2015-6837, CVE-2015-6838)

  - ATS (CVE-2015-6985)

  - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003)

  - Bom (CVE-2015-7006)

  - CFNetwork (CVE-2015-7023)

  - configd (CVE-2015-7015)

  - CoreGraphics (CVE-2015-5925, CVE-2015-5926)

  - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992,     CVE-2015-7017)

  - Directory Utility (CVE-2015-6980)

  - Disk Images (CVE-2015-6995)

  - EFI (CVE-2015-7035)

  - File Bookmark (CVE-2015-6987)

  - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976,     CVE-2015-6977, CVE-2015-6978, CVE-2015-6990,     CVE-2015-6991, CVE-2015-6993, CVE-2015-7008,     CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)

  - Grand Central Dispatch (CVE-2015-6989)

  - Graphics Drivers (CVE-2015-7019, CVE-2015-7020,     CVE-2015-7021)

  - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937,     CVE-2015-5938, CVE-2015-5939)

  - IOAcceleratorFamily (CVE-2015-6996)

  - IOHIDFamily (CVE-2015-6974)

  - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994)

  - libarchive (CVE-2015-6984)

  - MCX Application Restrictions (CVE-2015-7016)

  - Net-SNMP (CVE-2014-3565, CVE-2012-6151)

  - OpenGL (CVE-2015-5924)

  - OpenSSH (CVE-2015-6563)

  - Sandbox (CVE-2015-5945)

  - Script Editor (CVE-2015-7007)

  - Security (CVE-2015-6983, CVE-2015-7024)

  - SecurityAgent (CVE-2015-5943)

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The mobile device is running a version of iOS prior to version 9.1. It is, therefore, affected by multiple vulnerabilities in the following components :

  - Accelerate Framework (CVE-2015-5940)

  - Bom CVE-2015-7006)

  - CFNetwork (CVE-2015-7023)

  - configd (CVE-2015-7015)

  - CoreGraphics (CVE-2015-5925, CVE-2015-5926)

  - CoreText (CVE-2015-6975, CVE-2015-6992, CVE-2015-7017)

  - Disk Images (CVE-2015-6995)

  - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976,     CVE-2015-6977, CVE-2015-6978, CVE-2015-6990,     CVE-2015-6991, CVE-2015-6993, CVE-2015-7008,     CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)

  - GasGauge (CVE-2015-6979)

  - Grand Central Dispatch (CVE-2015-6989)

  - Graphics Driver (CVE-2015-6986)

  - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937,     CVE-2015-5939)

  - IOAcceleratorFamily (CVE-2015-6996)

  - IOHIDFamily (CVE-2015-6974)

  - Kernel (CVE-2015-7004, CVE-2015-6988, CVE-2015-6994)

  - Notification Center (CVE-2015-7000)

  - OpenGL (CVE-2015-5924)

  - Security (CVE-2015-6983, CVE-2015-6999, CVE-2015-6997)

  - Telephony (CVE-2015-7022)

  - WebKit (CVE-2015-5928, CVE-2015-5929, CVE-2015-5930,     CVE-2015-6981, CVE-2015-6982, CVE-2015-7002,     CVE-2015-7005, CVE-2015-7012, CVE-2015-7014)

ID	Name	Product	Family	Severity
9324	Mac OS X 10.9.5 or later < 10.11.1 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
9328	Apple iOS < 9.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
86654	Mac OS X < 10.11.1 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
86571	Apple iOS < 9.1 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2015-6995

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins