APPLE-SA-2015-12-08-1

APPLE-SA-2015-12-08-3

1034344

https://support.apple.com/HT205635

https://support.apple.com/HT205637

The remote host is running a version of Mac OS X version 10.11.x prior to 10.11.2 and is affected by multiple vulnerabilities in the following components :

 - apache_mod_php
 - AppSandbox
 - Bluetooth
 - CFNetwork HTTPProtocol
 - Compression
 - Configuration Profiles
 - CoreGraphics
 - CoreMedia Playback
 - Disk Images
 - EFI
 - File Bookmark
 - Hypervisor
 - iBooks
 - ImageIO
 - Intel Graphics Driver
 - IOAcceleratorFamily
 - IOHIDFamily
 - IOKit SCSI
 - IOThunderboltFamily
 - Kernel
 - kext tools
 - Keychain Access
 - libarchive
 - libc
 - libexpat
 - libxml2
 - OpenGL
 - OpenLDAP
 - OpenSSH
 - QuickLook
 - Sandbox
 - Security
 - System Integrity Protection

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of iOS that is prior to version 9.2 and the following components contain vulnerabilities :

 - AppleMobileFileIntegrity
 - AppSandbox
 - CFNetwork HTTPProtocol
 - Compression
 - CoreGraphics
 - CoreMedia Playback
 - dyld
 - GPUTools Framework
 - iBooks
 - ImageIO
 - IOHIDFamily
 - IOKit SCSI
 - Kernel
 - LaunchServices
 - libarchive
 - libc
 - libxml2
 - MobileStorageMounter
 - OpenGL
 - Photos
 - QuickLook
 - Safari
 - Sandbox
 - Security
 - Siri
 - WebKit

The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-005 or 2015-008. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php
  - AppSandbox
  - Bluetooth
  - CFNetwork HTTPProtocol
  - Compression
  - Configuration Profiles
  - CoreGraphics
  - CoreMedia Playback
  - Disk Images
  - EFI
  - File Bookmark
  - Hypervisor
  - iBooks
  - ImageIO
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit SCSI
  - IOThunderboltFamily
  - Kernel
  - kext tools
  - Keychain Access
  - libarchive
  - libc
  - libexpat
  - libxml2
  - OpenGL
  - OpenLDAP
  - OpenSSH
  - QuickLook
  - Sandbox
  - Security
  - System Integrity Protection

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php
  - AppSandbox
  - Bluetooth
  - CFNetwork HTTPProtocol
  - Compression
  - Configuration Profiles
  - CoreGraphics
  - CoreMedia Playback
  - Disk Images
  - EFI
  - File Bookmark
  - Hypervisor
  - iBooks
  - ImageIO
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit SCSI
  - IOThunderboltFamily
  - Kernel
  - kext tools
  - Keychain Access
  - libarchive
  - libc
  - libexpat
  - libxml2
  - OpenGL
  - OpenLDAP
  - OpenSSH
  - QuickLook
  - Sandbox
  - Security
  - System Integrity Protection

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The mobile device is running a version of iOS prior to version 9.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - AppleMobileFileIntegrity
  - AppSandbox
  - CFNetwork HTTPProtocol
  - Compression
  - CoreGraphics
  - CoreMedia Playback
  - dyld
  - GPUTools Framework
  - iBooks
  - ImageIO
  - IOHIDFamily
  - IOKit SCSI
  - Kernel
  - LaunchServices
  - libarchive
  - libc
  - libxml2
  - MobileStorageMounter
  - OpenGL
  - Photos
  - QuickLook
  - Safari
  - Sandbox
  - Security
  - Siri
  - WebKit

ID	Name	Product	Family	Severity
9325	Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
9329	Apple iOS < 9.2 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
87321	Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)	Nessus	MacOS X Local Security Checks	critical
87314	Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
87310	Apple iOS < 9.2 Multiple Vulnerabilities	Nessus	Mobile Devices	critical

CVE-2015-7081

MEDIUM

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

high

critical

critical

critical