Mac OS X 10.9.5 / 10.10.5 Multiple Vulnerabilities (Security Update 2016-002)

Critical Nessus Plugin ID 90097

Synopsis

The remote host is missing a Mac OS X update that fixes multiple vulnerabilities.

Description

The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-002. It is, therefore, affected by multiple vulnerabilities in the following components :

- apache_mod_php
- Kernel
- libxml2
- OpenSSH
- Python
- Tcl

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Solution

Install Security Update 2016-002 or later.

See Also

https://support.apple.com/en-us/HT206167

http://www.nessus.org/u?6c87f79a

Plugin Details

Severity: Critical

ID: 90097

File Name: macosx_SecUpd2016-002.nasl

Version: 1.12

Type: local

Agent: macosx

Published: 2016/03/22

Modified: 2018/07/14

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, Host/MacOSX/packages/boms

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/03/21

Vulnerability Publication Date: 2014/12/18

Reference Information

CVE: CVE-2014-9495, CVE-2015-0973, CVE-2015-1819, CVE-2015-5312, CVE-2015-5333, CVE-2015-5334, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8126, CVE-2015-8242, CVE-2015-8472, CVE-2016-0777, CVE-2016-0778, CVE-2016-1754, CVE-2016-1755, CVE-2016-1759, CVE-2016-1761, CVE-2016-1762

BID: 71820, 71994, 75570, 77112, 77390, 77568, 77681, 78624, 79507, 79509, 79536, 79562, 80695, 80698

APPLE-SA: APPLE-SA-2016-03-21-5