This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote host is affected by multiple vulnerabilities.
The remote Mac OS X host is running EFI firmware that is affected by
multiple vulnerabilities :
- An insufficient locking issue exists, when resuming from
sleep states, which allows a local attacker to write to
the EFI flash memory by using an crafted application
with root privileges. (CVE-2015-3692)
- A flaw exists due to lax restrictions on memory refresh
rates, which allows a specially crafted process to
corrupt the memory of some DDR3 SDRAM devices by
inducing bit flips in page table entries (PTEs), also
known as a 'row-hammer attack'. An attacker can exploit
this to gain elevated privileges by manipulating the
See also :
Install Mac EFI Security Update 2015-001.
Risk factor :
Low / CVSS Base Score : 1.7