https://support.apple.com/HT207422

https://support.apple.com/HT207423

https://support.apple.com/HT207487

Versions of Apple TV earlier than 10.1 are affected by multiple vulnerabilities in the following components :

 - 3DES
 - Audio
 - Audio
 - Certificates
 - CoreFoundation
 - CoreGraphics
 - CoreMedia External Displays
 - CoreMedia Playback
 - CoreText
 - FontParser
 - ICU
 - IOHDIXController
 - IOHIDFamily
 - IOKit 
 - ImageIO
 - kernel
 - libarchive
 - OCSP
 - Power Management
 - Profiles
 - WebKit
 - WebKit

The version of iOS running on the mobile device is prior to 10.2, and is affected by multiple vulnerabilities in the following components :

 - 3DES
 - Accessibility 
 - Accounts
 - Audio
 - Certificates
 - Clipboard
 - CoreFoundation
 - CoreGraphics
 - CoreMedia External Displays
 - CoreMedia Playback
 - CoreText 
 - Find My iPhone
 - FontParser
 - Graphics Driver
 - ICU
 - Image Capture
 - ImageIO
 - IOHDIXController
 - IOHIDFamily
 - IOKit 152301)
 - kernel
 - libarchive
 - Local Authentication
 - MIG
 - Media Player
 - OCSP
 - Power Management
 - Profiles
 - S/MIME
 - SpringBoard
 - syslog
 - WebKit 
 - WebSheet

The remote host is running a version of macOS that is 10.12.x prior to 10.12.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php
  - AppleGraphicsPowerManagement
  - Assets
  - Audio
  - Bluetooth
  - CoreCapture
  - CoreFoundation
  - CoreGraphics
  - CoreMedia External Displays
  - CoreMedia Playback
  - CoreStorage
  - CoreText
  - curl
  - Directory Services
  - Disk Images
  - FontParser
  - Foundation
  - Grapher
  - ICU
  - ImageIO
  - Intel Graphics Driver
  - IOFireWireFamily
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - IOSurface
  - Kernel
  - kext tools
  - libarchive
  - LibreSSL
  - OpenLDAP
  - OpenPAM
  - OpenSSL
  - Power Management
  - Security
  - syslog
  - WiFi
  - xar

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Furthermore, CVE-2016-6304, CVE-2016-7596, and CVE-2016-7604 also affect Mac OS X versions 10.10.5 and 10.11.6. However, this plugin does not check those versions.

The remote host is running a version of Mac OS X version 10.x prior to 10.12.2, and is affected by multiple vulnerabilities in the following components :

 - AppleGraphicsPowerManagement (CVE-2016-7609)
 - Audio (CVE-2016-7658, CVE-2016-7659)
 - Assets (CVE-2016-7628)
 - Bluetooth (CVE-2016-7596, CVE-2016-7605, CVE-2016-7617)
 - CoreCapture (CVE-2016-7604)
 - CoreFoundation (CVE-2016-7663)
 - CoreGraphics (CVE-2016-7627)
 - CoreMedia External Displays (CVE-2016-7655)
 - CoreMedia Playback (CVE-2016-7588)
 - CoreStorage (CVE-2016-7603)
 - CoreText (CVE-2016-7595)
 - Cryptography (CVE-2016-4693)
 - Directory Services (CVE-2016-7633)
 - Disk Images (CVE-2016-7616)
 - FontParser (CVE-2016-4691)
 - Foundation (CVE-2016-7618)
 - Grapher (CVE-2016-7622)
 - ICU (CVE-2016-7594)
 - ImageIO (CVE-2016-7643)
 - Intel Graphics Driver (CVE-2016-7602)
 - IOAcceleratorFamily (CVE-2016-7624)
 - IOFireWireFamily (CVE-2016-7608)
 - IOHIDFamily (CVE-2016-7591)
 - IOKit (CVE-2016-7625, CVE-2016-7657, CVE-2016-7714)
 - IOSurface (CVE-2016-7620)
 - Kernel (CVE-2016-7606, CVE-2016-7607, CVE-2016-7612, CVE-2016-7615, CVE-2016-7621, CVE-2016-7637, CVE-2016-7644)
 - kext tools (CVE-2016-7629)
 - libarchive (CVE-2016-7619)
 - OpenPAM (CVE-2016-7600)
 - Power Management (CVE-2016-7661)
 - Security (CVE-2016-4693, CVE-2016-7662)
 - syslog (CVE-2016-7660)
 WiFi (CVE-2016-7761)
 - xar (CVE-2016-7742)

The version of Apple iOS running on the mobile device is prior to 10.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - Accessibility
  - Accounts
  - Audio
  - CoreFoundation
  - CoreGraphics
  - CoreMedia External Displays
  - CoreMedia Playback
  - CoreText
  - Disk Images
  - Find My iPhone
  - FontParser
  - Graphics Driver
  - ICU
  - Image Capture
  - ImageIO
  - IOHIDFamily
  - IOKit
  - Kernel
  - libarchive
  - Local Authentication
  - Mail
  - Media Player
  - Power Management
  - Profiles
  - Safari Reader
  - Security
  - SpringBoard
  - syslog
  - WebKit

ID	Name	Product	Family	Severity
9848	Apple TV < 10.1 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	high
9847	Apple iOS < 10.2 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
95917	macOS 10.12.x < 10.12.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
9840	Mac OS X 10.x < 10.12.2 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
95826	Apple iOS < 10.2 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2016-7714

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins