https://support.apple.com/HT207423

The remote host is running a version of Mac OS X version 10.x prior to 10.12.2, and is affected by multiple vulnerabilities in the following components :

 - AppleGraphicsPowerManagement (CVE-2016-7609)
 - Audio (CVE-2016-7658, CVE-2016-7659)
 - Assets (CVE-2016-7628)
 - Bluetooth (CVE-2016-7596, CVE-2016-7605, CVE-2016-7617)
 - CoreCapture (CVE-2016-7604)
 - CoreFoundation (CVE-2016-7663)
 - CoreGraphics (CVE-2016-7627)
 - CoreMedia External Displays (CVE-2016-7655)
 - CoreMedia Playback (CVE-2016-7588)
 - CoreStorage (CVE-2016-7603)
 - CoreText (CVE-2016-7595)
 - Cryptography (CVE-2016-4693)
 - Directory Services (CVE-2016-7633)
 - Disk Images (CVE-2016-7616)
 - FontParser (CVE-2016-4691)
 - Foundation (CVE-2016-7618)
 - Grapher (CVE-2016-7622)
 - ICU (CVE-2016-7594)
 - ImageIO (CVE-2016-7643)
 - Intel Graphics Driver (CVE-2016-7602)
 - IOAcceleratorFamily (CVE-2016-7624)
 - IOFireWireFamily (CVE-2016-7608)
 - IOHIDFamily (CVE-2016-7591)
 - IOKit (CVE-2016-7625, CVE-2016-7657, CVE-2016-7714)
 - IOSurface (CVE-2016-7620)
 - Kernel (CVE-2016-7606, CVE-2016-7607, CVE-2016-7612, CVE-2016-7615, CVE-2016-7621, CVE-2016-7637, CVE-2016-7644)
 - kext tools (CVE-2016-7629)
 - libarchive (CVE-2016-7619)
 - OpenPAM (CVE-2016-7600)
 - Power Management (CVE-2016-7661)
 - Security (CVE-2016-4693, CVE-2016-7662)
 - syslog (CVE-2016-7660)
 WiFi (CVE-2016-7761)
 - xar (CVE-2016-7742)

The remote host is running a version of macOS that is 10.12.x prior to 10.12.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php
  - AppleGraphicsPowerManagement
  - Assets
  - Audio
  - Bluetooth
  - CoreCapture
  - CoreFoundation
  - CoreGraphics
  - CoreMedia External Displays
  - CoreMedia Playback
  - CoreStorage
  - CoreText
  - curl
  - Directory Services
  - Disk Images
  - FontParser
  - Foundation
  - Grapher
  - ICU
  - ImageIO
  - Intel Graphics Driver
  - IOFireWireFamily
  - IOAcceleratorFamily
  - IOHIDFamily
  - IOKit
  - IOSurface
  - Kernel
  - kext tools
  - libarchive
  - LibreSSL
  - OpenLDAP
  - OpenPAM
  - OpenSSL
  - Power Management
  - Security
  - syslog
  - WiFi
  - xar

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Furthermore, CVE-2016-6304, CVE-2016-7596, and CVE-2016-7604 also affect Mac OS X versions 10.10.5 and 10.11.6. However, this plugin does not check those versions.

ID	Name	Product	Family	Severity
9840	Mac OS X 10.x < 10.12.2 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
95917	macOS 10.12.x < 10.12.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high

CVE-2016-7742

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high