New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 6.7
SynopsisThe remote host is missing a Mac OS X update that fixes multiple security vulnerabilities.
DescriptionThe remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-005 or 2015-008. It is, therefore, affected by multiple vulnerabilities in the following components :
- CFNetwork HTTPProtocol
- Configuration Profiles
- CoreMedia Playback
- Disk Images
- File Bookmark
- Intel Graphics Driver
- IOKit SCSI
- kext tools
- Keychain Access
- System Integrity Protection
Note that successful exploitation of the most serious issues can result in arbitrary code execution.
SolutionInstall Security Update 2015-006 (OS X 10.9.5) / 2015-008 (OS X 10.10.5) or later. Note that Security Update 2015-006 is a replacement for the earlier 2015-005 update mentioned in the original advisory.