Mac OS X EFI Function Execution Vulnerability (EFI Security Update 2015-002)

high Nessus Plugin ID 86722

Synopsis

The remote host is affected by a function execution vulnerability.

Description

The remote Mac OS X host is running an EFI firmware version that is affected by a function execution vulnerability due to an issue with handling EFI arguments. An unauthenticated, remote attacker can exploit this to execute arbitrary functions via unspecified vectors.

Solution

Install Mac EFI Security Update 2015-002.

See Also

https://support.apple.com/en-us/HT205317

http://www.nessus.org/u?df1789d1

Plugin Details

Severity: High

ID: 86722

File Name: macosx_SecUpdEFI2015-002.nasl

Version: 1.7

Type: local

Agent: macosx

Published: 11/4/2015

Updated: 11/20/2019

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, Host/MacOSX/packages/boms

Exploit Ease: No known exploits are available

Patch Publication Date: 10/21/2015

Vulnerability Publication Date: 10/21/2015

Reference Information

CVE: CVE-2015-7035

BID: 74971

APPLE-SA: APPLE-SA-2015-10-21-6