Mac OS X Multiple Vulnerabilities (Security Updates 2016-001 / 2016-005)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes multiple
security vulnerabilities.

Description :

The remote host is running a version of Mac OS X 10.10.5 or 10.11.6
that is missing a security update. It is, therefore, affected by
multiple vulnerabilities in the Kernel component :

- An unspecified flaw exists due to improper validation of
user-supplied input. An attacker can exploit this, by
convincing a user to run a specially crafted
application, to disclose kernel memory contents.
(CVE-2016-4655)

- An unspecified flaw exists due to improper validation of
certain input. An attacker can exploit this, by
convincing a user to run a specially crafted
application, to execute arbitrary code with kernel level
privileges. (CVE-2016-4656)

See also :

https://support.apple.com/en-us/HT207130
http://www.nessus.org/u?faffe2b4

Solution :

Install Security Update 2016-005 (OS X 10.10.5) / 2016-001 (OS X
10.11.6) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 93317

Bugtraq ID: 92651
92652

CVE ID: CVE-2016-4655
CVE-2016-4656
