Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities

critical Nessus Plugin ID 87314

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host is missing a Mac OS X update that fixes multiple security vulnerabilities.

Description

The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components :

 - apache_mod_php
 - AppSandbox
 - Bluetooth
 - CFNetwork HTTPProtocol
 - Compression
 - Configuration Profiles
 - CoreGraphics
 - CoreMedia Playback
 - Disk Images
 - EFI
 - File Bookmark
 - Hypervisor
 - iBooks
 - ImageIO
 - Intel Graphics Driver
 - IOAcceleratorFamily
 - IOHIDFamily
 - IOKit SCSI
 - IOThunderboltFamily
 - Kernel
 - kext tools
 - Keychain Access
 - libarchive
 - libc
 - libexpat
 - libxml2
 - OpenGL
 - OpenLDAP
 - OpenSSH
 - QuickLook
 - Sandbox
 - Security
 - System Integrity Protection

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Solution

Upgrade to Mac OS X version 10.11.2 or later.

See Also

https://support.apple.com/en-us/HT205579

https://support.apple.com/en-us/HT205637

Plugin Details

Severity: Critical

ID: 87314

File Name: macosx_10_11_2.nasl

Version: 1.10

Type: combined

Agent: macosx

Published: 12/10/2015

Updated: 11/20/2019

Dependencies: ssh_get_info.nasl, os_fingerprint.nasl

Risk Information

CVSS Score Source: CVE-2015-7071

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/8/2015

Vulnerability Publication Date: 8/11/2011

Reference Information

CVE: CVE-2015-7803, CVE-2015-6908, CVE-2012-0876, CVE-2015-3807, CVE-2012-1148, CVE-2011-2895, CVE-2015-7804, CVE-2015-5333, CVE-2015-5334, CVE-2012-1147, CVE-2015-7068, CVE-2015-7110, CVE-2015-7108, CVE-2015-7067, CVE-2015-7044, CVE-2015-7106, CVE-2015-7063, CVE-2015-7078, CVE-2015-7077, CVE-2015-7076, CVE-2015-7071, CVE-2015-7052, CVE-2015-7084, CVE-2015-7047, CVE-2015-7045, CVE-2015-7109, CVE-2015-7062, CVE-2015-7112, CVE-2015-7001, CVE-2015-7054, CVE-2015-7105, CVE-2015-7075, CVE-2015-7053, CVE-2015-7111, CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043, CVE-2015-7083, CVE-2015-7038, CVE-2015-7039, CVE-2015-7064, CVE-2015-7066, CVE-2015-7046, CVE-2015-7073, CVE-2015-7074, CVE-2015-7065, CVE-2015-7058, CVE-2015-7081, CVE-2015-7094, CVE-2015-7107, CVE-2015-7115, CVE-2015-7116, CVE-2015-7061, CVE-2015-7060, CVE-2015-7059

BID: 52379, 76343, 49124, 76959, 78719, 78725, 78730, 76714, 78733, 78735, 77112, 78721

EDB-ID: 38917

APPLE-SA: APPLE-SA-2015-12-08-3