Detections
Analytics
Mac OS X 10.9.5 / 10.10.5 Multiple Vulnerabilities (Security Update 2016-002)
critical Nessus Plugin ID 90097
Language:
Synopsis
The remote host is missing a Mac OS X update that fixes multiple vulnerabilities.Description
The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-002. It is, therefore, affected by multiple vulnerabilities in the following components :- apache_mod_php
- Kernel
- libxml2
- OpenSSH
- Python
- Tcl
Note that successful exploitation of the most serious issues can result in arbitrary code execution.
Solution
Install Security Update 2016-002 or later.See Also
Plugin Details
Severity: Critical
ID: 90097
File Name: macosx_SecUpd2016-002.nasl
Version: 1.12
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 3/22/2016
Updated: 7/14/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:apple:mac_os_x
Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, Host/MacOSX/packages/boms
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/21/2016
Vulnerability Publication Date: 12/18/2014
Reference Information
CVE: CVE-2014-9495, CVE-2015-0973, CVE-2015-1819, CVE-2015-5312, CVE-2015-5333, CVE-2015-5334, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8126, CVE-2015-8242, CVE-2015-8472, CVE-2016-0777, CVE-2016-0778, CVE-2016-1754, CVE-2016-1755, CVE-2016-1759, CVE-2016-1761, CVE-2016-1762
BID: 71820, 71994, 75570, 77112, 77390, 77568, 77681, 78624, 79507, 79509, 79536, 79562, 80695, 80698
APPLE-SA: APPLE-SA-2016-03-21-5