94905

1037469

https://support.apple.com/HT207422

https://support.apple.com/HT207423

https://support.apple.com/HT207487

Versions of Apple TV earlier than 10.1 are affected by multiple vulnerabilities in the following components :

 - 3DES
 - Audio
 - Audio
 - Certificates
 - CoreFoundation
 - CoreGraphics
 - CoreMedia External Displays
 - CoreMedia Playback
 - CoreText
 - FontParser
 - ICU
 - IOHDIXController
 - IOHIDFamily
 - IOKit 
 - ImageIO
 - kernel
 - libarchive
 - OCSP
 - Power Management
 - Profiles
 - WebKit
 - WebKit

The version of iOS running on the mobile device is prior to 10.2, and is affected by multiple vulnerabilities in the following components :

 - 3DES
 - Accessibility 
 - Accounts
 - Audio
 - Certificates
 - Clipboard
 - CoreFoundation
 - CoreGraphics
 - CoreMedia External Displays
 - CoreMedia Playback
 - CoreText 
 - Find My iPhone
 - FontParser
 - Graphics Driver
 - ICU
 - Image Capture
 - ImageIO
 - IOHDIXController
 - IOHIDFamily
 - IOKit 152301)
 - kernel
 - libarchive
 - Local Authentication
 - MIG
 - Media Player
 - OCSP
 - Power Management
 - Profiles
 - S/MIME
 - SpringBoard
 - syslog
 - WebKit 
 - WebSheet

The remote host is running a version of Mac OS X version 10.x prior to 10.12.2, and is affected by multiple vulnerabilities in the following components :

 - AppleGraphicsPowerManagement (CVE-2016-7609)
 - Audio (CVE-2016-7658, CVE-2016-7659)
 - Assets (CVE-2016-7628)
 - Bluetooth (CVE-2016-7596, CVE-2016-7605, CVE-2016-7617)
 - CoreCapture (CVE-2016-7604)
 - CoreFoundation (CVE-2016-7663)
 - CoreGraphics (CVE-2016-7627)
 - CoreMedia External Displays (CVE-2016-7655)
 - CoreMedia Playback (CVE-2016-7588)
 - CoreStorage (CVE-2016-7603)
 - CoreText (CVE-2016-7595)
 - Cryptography (CVE-2016-4693)
 - Directory Services (CVE-2016-7633)
 - Disk Images (CVE-2016-7616)
 - FontParser (CVE-2016-4691)
 - Foundation (CVE-2016-7618)
 - Grapher (CVE-2016-7622)
 - ICU (CVE-2016-7594)
 - ImageIO (CVE-2016-7643)
 - Intel Graphics Driver (CVE-2016-7602)
 - IOAcceleratorFamily (CVE-2016-7624)
 - IOFireWireFamily (CVE-2016-7608)
 - IOHIDFamily (CVE-2016-7591)
 - IOKit (CVE-2016-7625, CVE-2016-7657, CVE-2016-7714)
 - IOSurface (CVE-2016-7620)
 - Kernel (CVE-2016-7606, CVE-2016-7607, CVE-2016-7612, CVE-2016-7615, CVE-2016-7621, CVE-2016-7637, CVE-2016-7644)
 - kext tools (CVE-2016-7629)
 - libarchive (CVE-2016-7619)
 - OpenPAM (CVE-2016-7600)
 - Power Management (CVE-2016-7661)
 - Security (CVE-2016-4693, CVE-2016-7662)
 - syslog (CVE-2016-7660)
 WiFi (CVE-2016-7761)
 - xar (CVE-2016-7742)

The remote host is running a version of macOS that is 10.12.x prior to 10.12.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php
  - AppleGraphicsPowerManagement
  - Assets
  - Audio
  - Bluetooth
  - CoreCapture
  - CoreFoundation
  - CoreGraphics
  - CoreMedia External Displays
  - CoreMedia Playback
  - CoreStorage
  - CoreText
  - curl
  - Directory Services
  - Disk Images
  - FontParser
  - Foundation
  - Grapher
  - ICU
  - ImageIO
  - Intel Graphics Driver
  - IOFireWireFamily
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - IOSurface
  - Kernel
  - kext tools
  - libarchive
  - LibreSSL
  - OpenLDAP
  - OpenPAM
  - OpenSSL
  - Power Management
  - Security
  - syslog
  - WiFi
  - xar

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Furthermore, CVE-2016-6304, CVE-2016-7596, and CVE-2016-7604 also affect Mac OS X versions 10.10.5 and 10.11.6. However, this plugin does not check those versions.

The version of Apple iOS running on the mobile device is prior to 10.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - Accessibility
  - Accounts
  - Audio
  - CoreFoundation
  - CoreGraphics
  - CoreMedia External Displays
  - CoreMedia Playback
  - CoreText
  - Disk Images
  - Find My iPhone
  - FontParser
  - Graphics Driver
  - ICU
  - Image Capture
  - ImageIO
  - IOHIDFamily
  - IOKit
  - Kernel
  - libarchive
  - Local Authentication
  - Mail
  - Media Player
  - Power Management
  - Profiles
  - Safari Reader
  - Security
  - SpringBoard
  - syslog
  - WebKit

ID	Name	Product	Family	Severity
9848	Apple TV < 10.1 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	high
9847	Apple iOS < 10.2 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
9840	Mac OS X 10.x < 10.12.2 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
95917	macOS 10.12.x < 10.12.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
95826	Apple iOS < 10.2 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2016-7627

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

high

high

high

high