Mac OS X Multiple Vulnerabilities (Security Update 2015-003)
High Nessus Plugin ID 81977
SynopsisThe remote host is missing a Mac OS X update that fixes multiple security issues.
DescriptionThe remote host is running a version of Mac OS X 10.10.2 that is missing Security Update 2015-003. It is, therefore, affected by the following vulnerabilities :
- A type confusion flaw exists in how IOSurface handles serialized objects, which an attacker can use to execute arbitrary code with system privileges. (CVE-2015-1061)
- Multiple buffer overflows exist due to iCloud Keychain improperly validating user-supplied input. A remote, man-in-the-middle attacker can exploit this, via altering the client-server data stream during keychain recovery, to cause a denial of service condition or to execute arbitrary code. (CVE-2015-1065)
SolutionInstall Security Update 2015-003 or later.