Mac OS X 10.9.5 / 10.10.5 Multiple Vulnerabilities (Security Update 2016-003)
high Nessus Plugin ID 91229
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote host is missing a Mac OS X update that fixes multiple vulnerabilities.Description
The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-003. It is, therefore, affected by multiple vulnerabilities in the following components :- AMD
- Captive Network Assistant
- libxml2
- libxslt
- OpenGL
Note that successful exploitation of the most serious issues can result in arbitrary code execution.
Solution
Install Security Update 2016-003 or later.See Also
Plugin Details
Severity: High
ID: 91229
File Name: macosx_SecUpd2016-003.nasl
Version: 1.10
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 5/19/2016
Updated: 11/14/2019
Dependencies: ssh_get_info.nasl
Risk Information
CVSS Score Source: CVE-2016-1834
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: E:POC/RL:OF/RC:C
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:apple:mac_os_x
Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, Host/MacOSX/packages/boms
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/17/2016
Vulnerability Publication Date: 5/17/2016
Reference Information
CVE: CVE-2016-1791, CVE-2016-1800, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-1841, CVE-2016-1847
BID: 90696
APPLE-SA: APPLE-SA-2016-05-16-4