Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)

critical Nessus Plugin ID 86829

Synopsis

The remote host is missing a Mac OS X update that fixes multiple security vulnerabilities.

Description

The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-004 or 2015-007. It is, therefore, affected by multiple vulnerabilities in the following components :

- Accelerate Framework
- apache_mod_php
- ATS
- Audio
- CFNetwork
- CoreGraphics
- CoreText
- EFI
- FontParser
- Grand Central Dispatch
- ImageIO
- IOAcceleratorFamily
- Kernel
- libarchive
- MCX Application Restrictions
- OpenGL

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Solution

Install Security Update 2015-004 / 2015-007 or later.

See Also

https://support.apple.com/en-us/HT205375

http://www.nessus.org/u?c7e01da3

Plugin Details

Severity: Critical

ID: 86829

File Name: macosx_SecUpd2015-007.nasl

Version: 1.9

Type: local

Agent: macosx

Published: 11/10/2015

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, Host/MacOSX/packages/boms

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/21/2015

Vulnerability Publication Date: 10/21/2015

Exploitable With

Core Impact

Metasploit (Exim GHOST (glibc gethostbyname) Buffer Overflow)

Reference Information

CVE: CVE-2015-0235, CVE-2015-0273, CVE-2015-4860, CVE-2015-5924, CVE-2015-5925, CVE-2015-5926, CVE-2015-5927, CVE-2015-5932, CVE-2015-5933, CVE-2015-5934, CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939, CVE-2015-5940, CVE-2015-5942, CVE-2015-5944, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838, CVE-2015-6975, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6984, CVE-2015-6985, CVE-2015-6989, CVE-2015-6991, CVE-2015-6992, CVE-2015-6993, CVE-2015-6996, CVE-2015-7009, CVE-2015-7010, CVE-2015-7016, CVE-2015-7018, CVE-2015-7023, CVE-2015-7035

BID: 69477, 72325, 72701, 74971, 76317, 76644, 76649, 76733, 76734, 76738, 77162, 77263, 77265, 77266, 77270

APPLE-SA: APPLE-SA-2015-10-21-4