Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes multiple
security vulnerabilities.

Description :

The remote host is running a version of Mac OS X 10.10.x that is prior
to 10.10.5. It is, therefore, affected by multiple vulnerabilities in
the following components :

- apache
- apache_mod_php
- Apple ID OD Plug-in
- AppleGraphicsControl
- Bluetooth
- bootp
- CloudKit
- CoreMedia Playback
- CoreText
- curl
- Data Detectors Engine
- Date & Time pref pane
- Dictionary Application
- DiskImages
- dyld
- FontParser
- groff
- ImageIO
- Install Framework Legacy
- IOFireWireFamily
- IOGraphics
- IOHIDFamily
- Kernel
- Libc
- Libinfo
- libpthread
- libxml2
- libxpc
- mail_cmds
- Notification Center OSX
- ntfs
- OpenSSH
- OpenSSL
- perl
- PostgreSQL
- python
- QL Office
- Quartz Composer Framework
- Quick Look
- QuickTime 7
- SceneKit
- Security
- SMBClient
- Speech UI
- sudo
- tcpdump
- Text Formats
- udf

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

https://support.apple.com/en-us/HT205031

Solution :

Upgrade to Mac OS X 10.10.5 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 85408 ()

Bugtraq ID: 36381
58203
58207
62741
64194
65179
65379
65721
65997
67233
69742
69748
70089
70644
70988
71150
71153
71468
71639
71656
71657
71701
71964
72538
72540
72542
72543
72649
72981
73040
73041
73357
73431
74174
74204
74239
74240
74299
74300
74301
74303
74408
74700
74703
74902
74903
74904
75056
75103
75154
75156
75157
75158
75161
75704
75963
75964
75965
75990
76337
76338
76339
76340
76341
76342
76343
76344

CVE ID: CVE-2009-5044
CVE-2009-5078
CVE-2012-6685
CVE-2013-1775
CVE-2013-1776
CVE-2013-2776
CVE-2013-2777
CVE-2013-7040
CVE-2013-7338
CVE-2013-7422
CVE-2014-0067
CVE-2014-0106
CVE-2014-0191
CVE-2014-1912
CVE-2014-3581
CVE-2014-3583
CVE-2014-3613
CVE-2014-3620
CVE-2014-3660
CVE-2014-3707
CVE-2014-7185
CVE-2014-7844
CVE-2014-8109
CVE-2014-8150
CVE-2014-8151
CVE-2014-8161
CVE-2014-8767
CVE-2014-8769
CVE-2014-9140
CVE-2014-9365
CVE-2014-9680
CVE-2015-0228
CVE-2015-0241
CVE-2015-0242
CVE-2015-0243
CVE-2015-0244
CVE-2015-0253
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
CVE-2015-2783
CVE-2015-2787
CVE-2015-3143
CVE-2015-3144
CVE-2015-3145
CVE-2015-3148
CVE-2015-3153
CVE-2015-3183
CVE-2015-3185
CVE-2015-3307
CVE-2015-3329
CVE-2015-3330
CVE-2015-3729
CVE-2015-3730
CVE-2015-3731
CVE-2015-3732
CVE-2015-3733
CVE-2015-3734
CVE-2015-3735
CVE-2015-3736
CVE-2015-3737
CVE-2015-3738
CVE-2015-3739
CVE-2015-3740
CVE-2015-3741
CVE-2015-3742
CVE-2015-3743
CVE-2015-3744
CVE-2015-3745
CVE-2015-3746
CVE-2015-3747
CVE-2015-3748
CVE-2015-3749
CVE-2015-3750
CVE-2015-3751
CVE-2015-3752
CVE-2015-3753
CVE-2015-3754
CVE-2015-3755
CVE-2015-3757
CVE-2015-3760
CVE-2015-3761
CVE-2015-3762
CVE-2015-3764
CVE-2015-3765
CVE-2015-3766
CVE-2015-3767
CVE-2015-3768
CVE-2015-3769
CVE-2015-3770
CVE-2015-3771
CVE-2015-3772
CVE-2015-3773
CVE-2015-3774
CVE-2015-3775
CVE-2015-3776
CVE-2015-3777
CVE-2015-3778
CVE-2015-3779
CVE-2015-3780
CVE-2015-3781
CVE-2015-3782
CVE-2015-3783
CVE-2015-3784
CVE-2015-3786
CVE-2015-3787
CVE-2015-3788
CVE-2015-3789
CVE-2015-3790
CVE-2015-3791
CVE-2015-3792
CVE-2015-3794
CVE-2015-3795
CVE-2015-3796
CVE-2015-3797
CVE-2015-3798
CVE-2015-3799
CVE-2015-3800
CVE-2015-3802
CVE-2015-3803
CVE-2015-3804
CVE-2015-3805
CVE-2015-3806
CVE-2015-3807
CVE-2015-4021
CVE-2015-4022
CVE-2015-4024
CVE-2015-4025
CVE-2015-4026
CVE-2015-4147
CVE-2015-4148
CVE-2015-5600
CVE-2015-5747
CVE-2015-5748
CVE-2015-5750
CVE-2015-5751
CVE-2015-5753
CVE-2015-5754
CVE-2015-5755
CVE-2015-5756
CVE-2015-5757
CVE-2015-5758
CVE-2015-5761
CVE-2015-5763
CVE-2015-5768
CVE-2015-5771
CVE-2015-5772
CVE-2015-5773
CVE-2015-5774
CVE-2015-5775
CVE-2015-5776
CVE-2015-5777
CVE-2015-5778
CVE-2015-5779
CVE-2015-5781
CVE-2015-5782
CVE-2015-5783
CVE-2015-5784

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now