Mac OS X Libxslt Function Type Confusion RCE (Security Update 2016-001)
High Nessus Plugin ID 88048
Synopsis
The remote host is missing a Mac OS X update that fixes a remote code execution vulnerability.

Description
The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2016-001. It is, therefore, affected by a remote code execution vulnerability due to a type confusion flaw in the bundled libxslt component that is triggered when handling invalid values. A remote attacker can exploit this, via a specially crafted website, to cause a denial of service condition or the execution of arbitrary code.

Solution
Install Security Update 2016-001 or later.