macOS < 10.12 Multiple Vulnerabilities

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a macOS update that fixes multiple security
vulnerabilities.

Description :

The remote host is running a version of Mac OS X that is prior to
10.10.5, 10.11.x prior to 10.11.6, or is not macOS 10.12. It is,
therefore, affected by multiple vulnerabilities in the following
components :

- apache
- apache_mod_php
- Apple HSSPI Support
- AppleEFIRuntime
- AppleMobileFileIntegrity
- AppleUCC
- Application Firewall
- ATS
- Audio
- Bluetooth
- cd9660
- CFNetwork
- CommonCrypto
- CoreCrypto
- CoreDisplay
- curl
- Date & Time Pref Pane
- DiskArbitration
- File Bookmark
- FontParser
- IDS - Connectivity
- ImageIO
- Intel Graphics Driver
- IOAcceleratorFamily
- IOThunderboltFamily
- Kerberos v5 PAM module
- Kernel
- libarchive
- libxml2
- libxpc
- libxslt
- mDNSResponder
- NSSecureTextField
- Perl
- S2 Camera
- Security
- Terminal
- WindowServer

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

https://support.apple.com/en-us/HT207170
http://www.nessus.org/u?c49c769b

Solution :

Upgrade to macOS version 10.12 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true