94572

1037469

https://support.apple.com/HT207269

https://support.apple.com/HT207270

https://support.apple.com/HT207271

https://support.apple.com/HT207275

https://support.apple.com/HT207487

The remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the     LibreSSL component due to a flaw in the ECDSA     implementation that is triggered when not properly     setting a flag in ECDSA signing nonces to indicate that     only constant-time code paths should be followed. An     unauthenticated, remote attacker can exploit this to     conduct side-channel cache-timing attacks, allowing the     attacker to recover the  modular inversion state     sequences and the ECDSA private keys. Note that this     vulnerability does not affect Mac OS X 10.10.5.
    (CVE-2016-7056)

  - An integer overflow condition exists in the ImageIO     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this, by convincing a user to open a specially crafted     JPEG file, to cause a denial of service condition or the     execution of arbitrary code. (CVE-2017-2432)

  - Multiple memory corruption issues exist in the libxslt     component that allow an unauthenticated, remote attacker     to cause a denial of service condition or the execution     of arbitrary code. (CVE-2017-2477)

  - An integer overflow condition exists in the libxslt     component in the xsltAddTextString() function in     transform.c. An unauthenticated, remote attacker can     exploit this, by convincing a user to open a specially     crafted file, to cause an out-of-bounds write,     potentially allowing the execution of arbitrary code.
    (CVE-2017-5029)

The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

  - apache
  - apache_mod_php
  - AppleGraphicsPowerManagement
  - AppleRAID
  - Audio
  - Bluetooth
  - Carbon
  - CoreGraphics
  - CoreMedia
  - CoreText
  - curl
  - EFI
  - FinderKit
  - FontParser
  - HTTPProtocol
  - Hypervisor
  - iBooks
  - ImageIO
  - Intel Graphics Driver
  - IOATAFamily
  - IOFireWireAVC
  - IOFireWireFamily
  - Kernel
  - Keyboards
  - libarchive
  - libc++abi
  - LibreSSL
  - MCX Client
  - Menus
  - Multi-Touch
  - OpenSSH
  - OpenSSL
  - Printing
  - python
  - QuickTime
  - Security
  - SecurityFoundation
  - sudo
  - System Integrity Protection
  - tcpdump
  - tiffutil
  - WebKit

The remote host is running a version of macOS that is 10.12.x prior to 10.12.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php
  - AppleGraphicsPowerManagement
  - Assets
  - Audio
  - Bluetooth
  - CoreCapture
  - CoreFoundation
  - CoreGraphics
  - CoreMedia External Displays
  - CoreMedia Playback
  - CoreStorage
  - CoreText
  - curl
  - Directory Services
  - Disk Images
  - FontParser
  - Foundation
  - Grapher
  - ICU
  - ImageIO
  - Intel Graphics Driver
  - IOFireWireFamily
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - IOSurface
  - Kernel
  - kext tools
  - libarchive
  - LibreSSL
  - OpenLDAP
  - OpenPAM
  - OpenSSL
  - Power Management
  - Security
  - syslog
  - WiFi
  - xar

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Furthermore, CVE-2016-6304, CVE-2016-7596, and CVE-2016-7604 also affect Mac OS X versions 10.10.5 and 10.11.6. However, this plugin does not check those versions.

The version of Apple iOS running on the mobile device is prior to 10.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - Accessibility
  - Accounts
  - Audio
  - CoreFoundation
  - CoreGraphics
  - CoreMedia External Displays
  - CoreMedia Playback
  - CoreText
  - Disk Images
  - Find My iPhone
  - FontParser
  - Graphics Driver
  - ICU
  - Image Capture
  - ImageIO
  - IOHIDFamily
  - IOKit
  - Kernel
  - libarchive
  - Local Authentication
  - Mail
  - Media Player
  - Power Management
  - Profiles
  - Safari Reader
  - Security
  - SpringBoard
  - syslog
  - WebKit

The remote host is running a version of Mac OS X version 10.x prior to 10.12.1, and is affected by multiple vulnerabilities in the following components :

 - AppleMobileFileIntegrity (CVE-2016-7584)
 - AppleGraphicsControl (CVE-2016-4662)
 - AppleSMC (CVE-2016-4678)
 - ATS (CVE-2016-4667, CVE-2016-4674)
 - CFNetwork Proxies (CVE-2016-7579)
 - CoreGraphics (CVE-2016-4673)
 - Core Image (CVE-2016-4681)
 - FaceTime (CVE-2016-7577)
 - FontParser (CVE-2016-4660, CVE-2016-4688)
 - IDS - Connectivity (CVE-2016-4721)
 - ImageIO (CVE-2016-4671, CVE-2016-4682, CVE-2016-4683)
 - Kernel (CVE-2016-4669, CVE-2016-7613)
 - libarchive (CVE-2016-4679)
 - libxpc (CVE-2016-4675)
 - ntfs (CVE-2016-4661)
 - NVIDIA Graphics Drivers (CVE-2016-4663)
 - Security (CVE-2016-4670)
 - Thunderbolt (CVE-2016-4780)

The version of iOS running on the mobile device is prior to 10.1, and is affected by multiple vulnerabilities in the following components :

 - CFNetwork Proxies (CVE-2016-7579)
 - Contacts (CVE-2016-4686)
 - CoreGraphics (CVE-2016-4673)
 - FaceTime (CVE-2016-7577)
 - FontParser (CVE-2016-4660, CVE-2016-4688)
 - IDS - Connectivity (CVE-2016-4721)
 - iTunes (CVE-2016-4685)
 - Kernel (CVE-2016-4669, CVE-2016-4680, CVE-2016-7613)
 - libarchive (CVE-2016-4679)
 - libxpc (CVE-2016-4675)
 - Safari (CVE-2016-7581)
 - Sandbox Profiles (CVE-2016-4664, CVE-2016-4665)
 - Security (CVE-2016-4670)
 - WebKit (CVE-2016-4666, CVE-2016-4677, CVE-2016-7578)

According to its banner, the version of Apple TV on the remote device is prior to 10.0.1. It is, therefore, affected by multiple vulnerabilities :

  - A flaw exists in WebKit when handling the location     attribute that allows an unauthenticated, remote     attacker to bypass the cross-origin policies and     disclose sensitive user information. (CVE-2016-4613)

  - An out-of-bounds read error exists in the FontParser     component when handling specially crafted font files     that allows an unauthenticated, remote attacker to     disclose sensitive information. (CVE-2016-4660)

  - An unspecified flaw exists in the Sandbox Profiles     component that allows a local attacker, via a specially     crafted application, to disclose the metadata of photo     directories. (CVE-2016-4664)

  - An unspecified flaw exists in the Sandbox Profiles     component that allows a local attacker, via a specially     crafted application, to disclose the metadata of audio     recordings. (CVE-2016-4665)

  - Multiple memory corruption issues exist in Webkit due     to improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit these to     execute arbitrary code. (CVE-2016-4666, CVE-2016-4677,     CVE-2016-7578)

  - Multiple unspecified flaws exist in the System Boot     component, within MIG generated code, due to improper     validation of input. A local attacker can exploit these     to terminate the system or execute arbitrary code with     elevated privileges. (CVE-2016-4669)

  - A memory corruption issue exists in the CoreGraphics     component when handling specially crafted JPEG files. An     unauthenticated, remote attacker can exploit this, via a     specially crafted file, to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2016-4673)

  - An unspecified logic issue exists in libxpc that allows     a local attacker to execute arbitrary code with root     privileges. (CVE-2016-4675)

  - A flaw exists in libarchive due to improper path     validation when creating temporary files during archive     extraction. An unauthenticated, remote attacker can     exploit this, via a symlink attack, to overwrite     arbitrary files. (CVE-2016-4679)

  - An unspecified flaw exists in the Kernel component due     to improper sanitization of input. A local attacker can     exploit this to disclose kernel memory contents.
    (CVE-2016-4680)

  - An overflow condition exists in the FontParser component     due to improper validation when parsing font files. An     unauthenticated, remote attacker can exploit this to     cause a buffer overflow, resulting in a denial of     service condition or the execution of arbitrary code.
    (CVE-2016-4688)

  - A flaw exists in the CFNetwork Proxies component when     handling proxy credentials that allows a     man-in-the-middle attacker to disclose sensitive user     information. (CVE-2016-7579)

  - A flaw exists in the AppleMobileFileIntegrity component     due to improper validation of code signatures. A local     attacker can exploit this to have a signed executable     substitute code with the same team ID. (CVE-2016-7584)

  - Multiple race conditions exist in various IOKit drivers     related to how they use task struct pointers. A local     attacker can exploit this to execute arbitrary code with     kernel-level privileges. (CVE-2016-7613)

Note that only 4th generation models are affected by these vulnerabilities.

The version of iOS running on the mobile device is prior to 10.1. It is, therefore, affected by multiple vulnerabilities :

  - A flaw exists in the FaceTime component when handling     relayed calls due to inconsistencies in the user     interface. A man-in-the-middle attacker can exploit this     issue to cause a relayed call to continue to transmit     audio while the call appears to be terminated.
    (CVE-2016-4635)

  - An out-of-bounds read error exists in the FontParser     component when handling specially crafted font files     that allows an unauthenticated, remote attacker to     disclose sensitive information. (CVE-2016-4660)

  - An unspecified flaw exists in the Sandbox Profiles     component that allows a local attacker, via a specially     crafted application, to disclose the metadata of photo     directories. (CVE-2016-4664)

  - An unspecified flaw exists in the Sandbox Profiles     component that allows a local attacker, via a specially     crafted application, to disclose the metadata of audio     recordings. (CVE-2016-4665)

  - Multiple memory corruption issues exist in Webkit due     to improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit these to     execute arbitrary code. (CVE-2016-4666, CVE-2016-4677)

  - Multiple unspecified flaws exist in the System Boot     component, within MIG generated code, due to improper     validation of input. A local attacker can exploit these     to terminate the system or execute arbitrary code with     elevated privileges. (CVE-2016-4669)

  - A flaw exists in the Security component due to the     program logging the length of passwords. A local     attacker can exploit this to disclose sensitive     information. (CVE-2016-4670)

  - A memory corruption issue exists in the CoreGraphics     component when handling specially crafted JPEG files. An     unauthenticated, remote attacker can exploit this, via a     specially crafted file, to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2016-4673)

  - An unspecified logic issue exists in libxpc that allows     a local attacker to execute arbitrary code with root     privileges. (CVE-2016-4675)

  - A flaw exists in libarchive due to improper path     validation when creating temporary files during archive     extraction. An unauthenticated, remote attacker can     exploit this, via a symlink attack, to overwrite     arbitrary files. (CVE-2016-4679)

  - An unspecified flaw exists in the Kernel component due     to improper sanitization of input. A local attacker can     exploit this to disclose kernel memory contents.
    (CVE-2016-4680)

  - A flaw exists in the Contacts component due to a failure     to revoke an application's access to the Address Book     after its access has been removed in Settings. A local     attacker can exploit this to cause access to persist     after it should have been removed. (CVE-2016-4686)

  - A flaw exists in the CFNetworks component when handling     proxy credentials that allows a man-in-the-middle     attacker to disclose sensitive user information.
    (CVE-2016-7579)

The remote host is running a version of Mac OS X that is 10.12.x prior to macOS 10.12.1. It is, therefore, affected by multiple vulnerabilities in the following components :

  - ATS
  - AppleMobileFileIntegrity
  - AppleSMC
  - CFNetwork Proxies
  - CoreGraphics
  - FaceTime
  - FontParser
  - IDS - Connectivity
  - Kernel
  - libarchive
  - libxpc
  - ntfs
  - Security
  - Thunderbolt

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Severity
99135	Mac OS X Multiple Vulnerabilities (Security Update 2017-001	Nessus	MacOS X Local Security Checks	high
99134	macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)	Nessus	MacOS X Local Security Checks	high
95917	macOS 10.12.x < 10.12.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
95826	Apple iOS < 10.2 Multiple Vulnerabilities	Nessus	Mobile Devices	high
9758	Mac OS X 10.x < 10.12.1 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
9756	Apple iOS < 10.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
94337	Apple TV < 10.0.1 Multiple Vulnerabilities	Nessus	Misc.	high
94330	Apple iOS < 10.1 Multiple Vulnerabilities	Nessus	Mobile Devices	high
94253	macOS 10.12.x < 10.12.1 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical

CVE-2016-4688

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Tenable Plugins