Mac OS X 10.8.x < 10.8.3 Multiple Vulnerabilities

high Nessus Plugin ID 65577

Synopsis

The remote host is missing a Mac OS X update that fixes several security issues.

Description

The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.3. The newer version contains multiple security-related fixes for the following components :

- Apache
- CoreTypes
- International Components for Unicode
- Identity Services
- ImageIO
- IOAcceleratorFamily
- Kernel
- Login Window
- Messages
- PDFKit
- QuickTime
- Security

Note that the update also runs a malware removal tool that will remove the most common variants of malware.

Solution

Upgrade to Mac OS X 10.8.3 or later.

See Also

http://support.apple.com/kb/HT5672

http://www.zerodayinitiative.com/advisories/ZDI-13-055/

http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

http://www.securityfocus.com/archive/1/526003/30/0/threaded

Plugin Details

Severity: High

ID: 65577

File Name: macosx_10_8_3.nasl

Version: 1.11

Type: combined

Agent: macosx

Published: 3/15/2013

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Exploit Ease: No known exploits are available

Patch Publication Date: 3/14/2013

Vulnerability Publication Date: 3/28/2012

Reference Information

CVE: CVE-2011-3058, CVE-2012-2088, CVE-2012-3749, CVE-2012-3756, CVE-2013-0963, CVE-2013-0966, CVE-2013-0967, CVE-2013-0969, CVE-2013-0970, CVE-2013-0971, CVE-2013-0976

BID: 54270, 52762, 56361, 57598, 56552, 58509, 58512, 58513, 58515, 58516, 58517

APPLE-SA: APPLE-SA-2013-03-14-1