Apple Xcode < 8.1 Node.js Multiple RCE (macOS)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

An IDE application installed on the remote macOS or Mac OS X host is
affected by multiple remote code execution vulnerabilities.

Description :

The version of Apple Xcode installed on the remote macOS or Mac OS X
host is prior to 8.1. It is, therefore, affected by multiple remote
code execution vulnerabilities in the Node.js component of the Xcode
Server. An unauthenticated, remote attacker can exploit these
vulnerabilities to cause a denial of service condition or the
execution of arbitrary code.

See also :

https://support.apple.com/en-us/HT207268
http://www.nessus.org/u?a0f77052

Solution :

Upgrade to Apple Xcode version 8.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
