The version of Adobe InDesign installed on the remote macOS or Mac OS X host is prior to 15.1.2. It is, therefore, affected by an arbitrary code execution vulnerability that exists due to insecure handling of indd files. An attacker can exploit this issue to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.

According to its self-reported version, Cisco Webex Meetings Client for MacOS is affected by an information disclosure vulnerability in the multicast DNS (mDNS) protocol configuration due to sensitive information being included in the mDNS reply. An unauthenticated, adjacent attacker can exploit this, by doing an mDNS query for a particular service against an affected device, to obtain sensitive information about the device on which the Webex client is running.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

The version of Google Chrome installed on the remote macOS host is prior to 85.0.4183.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_09_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Slack, a team collaboration tool, is installed on the remote Mac OS X host.

Check Point Endpoint Security SandBlast Agent which provides unified management, policy enforcement, threat prevention, and detection is installed on the remote macOS host.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-40 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-41 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 85.0.4183.83. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_08_stable-channel-update-for-desktop_25 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-38 advisory.

  - If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute     updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service     does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous     version which would have allowed exploitation of an older bug and arbitrary code execution with System     Privileges.Note: This issue only affected Windows operating systems. Other operating systems are     unaffected. (CVE-2020-15663)

  - By holding a reference to the eval() function from an about:blank window, a malicious webpage     could have gained access to the InstallTrigger object which would allow them to prompt the user to install     an extension. Combined with user confusion, this could result in an unintended or malicious extension     being installed. (CVE-2020-15664)

  - Mozilla developers Jason Kratzer, Christian Holler, Byron Campen, Tyson Smith reported memory safety bugs     present in Firefox 79 and Firefox ESR 78.1. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2020-15670)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 80.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-36 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-37 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is running a McAfee Data Loss Prevention Endpoint agent. This agent protects against data theft and accident disclosure of protected information.

The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 11.5. It is, therefore, affected by an information disclosure vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. An attacker can exploit this vulnerability by persuading a victim to open a crafted malicious `git clone` URL.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 84.0.4147.135. It is, therefore, affected by a vulnerability as referenced in the 2020_08_stable-channel-update-for-desktop_18 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Foxit Reader for Mac installed on the remote macOS host is 3.1.0.0111. It is, therefore, affected by a privilege escalation vulnerability due to incorrect permission setting. An attacker could exploit this by modifying the dynamic libraries in the Plugins directory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Microsoft Office product installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists when     Microsoft Word improperly discloses the contents of its     memory. An attacker who exploited the vulnerability     could use the information to compromise the users     computer or data.  (CVE-2020-1503, CVE-2020-1583)

  - A remote code execution vulnerability exists in     Microsoft Excel software when the software fails to     properly handle objects in memory. An attacker who     successfully exploited the vulnerability could run     arbitrary code in the context of the current user. If     the current user is logged on with administrative user     rights, an attacker could take control of the affected     system. An attacker could then install programs; view,     change, or delete data; or create new accounts with full     user rights.  (CVE-2020-1495, CVE-2020-1498)

The version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2015.006.30523, 2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.

  - Disclosure of Sensitive Data potentially leading to     Memory Leak (CVE-2020-9697)

  - Security bypass potentially leading to Privilege     Escalation (CVE-2020-9714)

  - Out-of-bounds write potentially leading to Arbitrary     Code Execution (CVE-2020-9693, CVE-2020-9694)

  - Security bypass potentially leading to Security feature     bypass (CVE-2020-9696, CVE-2020-9712)

  - Stack exhaustion potentially leading to Application     denial-of-service (CVE-2020-9702, CVE-2020-9703)

  - Out-of-bounds read potentially leading to Information     disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707,     CVE-2020-9710, CVE-2020-9716, CVE-2020-9717,     CVE-2020-9718, CVE-2020-9719, CVE-2020-9720,     CVE-2020-9721, CVE-2020-9723)

  - Buffer error potentially leading to Arbitrary Code     Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700,     CVE-2020-9701, CVE-2020-9704)

  - Use-after-free potentially leading to Arbitrary Code     Execution (CVE-2020-9715, CVE-2020-9722)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2015.006.30523, 2017.011.30171, 2020.001.30002, or 2020.009.20074. It is, therefore, affected by multiple vulnerabilities.

  - Disclosure of Sensitive Data potentially leading to     Memory Leak (CVE-2020-9697)

  - Security bypass potentially leading to Privilege     Escalation (CVE-2020-9714)

  - Out-of-bounds write potentially leading to Arbitrary     Code Execution (CVE-2020-9693, CVE-2020-9694)

  - Security bypass potentially leading to Security feature     bypass (CVE-2020-9696, CVE-2020-9712)

  - Stack exhaustion potentially leading to Application     denial-of-service (CVE-2020-9702, CVE-2020-9703)

  - Out-of-bounds read potentially leading to Information     disclosure (CVE-2020-9705, CVE-2020-9706, CVE-2020-9707,     CVE-2020-9710, CVE-2020-9716, CVE-2020-9717,     CVE-2020-9718, CVE-2020-9719, CVE-2020-9720,     CVE-2020-9721, CVE-2020-9723)

  - Buffer error potentially leading to Arbitrary Code     Execution (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700,     CVE-2020-9701, CVE-2020-9704)

  - Use-after-free potentially leading to Arbitrary Code     Execution (CVE-2020-9715, CVE-2020-9722)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.2.6. It is, therefore, affected by a vulnerability as referenced in the wireshark-3.2.6 advisory.

  - The Kafka dissector could crash. It may be possible to make Wireshark crash by injecting a malformed     packet onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2020-17498)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 84.0.4147.125. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_08_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Foxit PhantomPDF installed on the remote macOS host is prior to 3.4. It is, therefore, affected by a denial of service (DoS) vulnerability due to a null pointer dereference.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Foxit Reader for Mac installed on the remote macOS host is prior to 4.0. It is, therefore, affected by a Signature Validation Bypass vulnerability that delivers incorrect validation results when validating certain PDF files that have been modified maliciously or contains non-standard signatures.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Foxit PhantomPDF installed on the remote macOS host is prior to 4.0. It is, therefore, affected by a Signature Validation Bypass vulnerability that delivers incorrect validation results when validating certain PDF files that have been modified maliciously or contains non-standard signatures.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-33 advisory.

  - Inappropriate implementation in WebRTC in Google Chrome     prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap     corruption via a crafted SCTP stream. (CVE-2020-6514)

  - Use after free in ANGLE in Google Chrome prior to     81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page.
    (CVE-2020-6463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of VMware Horizon View Client installed on the remote macOS or Mac OS X host is 5.x prior to 5.4.3. It is, therefore, affected by a privilege escalation vulnerability in the service startup script due to improper XPC Client validation. A local attacker with normal user privileges can escalate their privileges to root on the system.

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 11.x prior to 11.5.5. It is, therefore, affected by a privilege escalation vulnerability due to Improper XPC Client validation. An authenticated, local attacker can exploit this to escalate their normal user privileges to root on the system where Fusion is installed.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-35 advisory.

  - Inappropriate implementation in WebRTC in Google Chrome     prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap     corruption via a crafted SCTP stream. (CVE-2020-6514)

  - Use after free in ANGLE in Google Chrome prior to     81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page.
    (CVE-2020-6463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-32 advisory.

  - Inappropriate implementation in WebRTC in Google Chrome     prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap     corruption via a crafted SCTP stream. (CVE-2020-6514)

  - Use after free in ANGLE in Google Chrome prior to     81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page.
    (CVE-2020-6463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-31 advisory.

  - Inappropriate implementation in WebRTC in Google Chrome     prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap     corruption via a crafted SCTP stream. (CVE-2020-6514)

  - Use after free in ANGLE in Google Chrome prior to     81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page.
    (CVE-2020-6463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 79.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-30 advisory.

  - Inappropriate implementation in WebRTC in Google Chrome     prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap     corruption via a crafted SCTP stream. (CVE-2020-6514)

  - Use after free in ANGLE in Google Chrome prior to     81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page.
    (CVE-2020-6463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 84.0.4147.105. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_07_stable-channel-update-for-desktop_27 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Plex Media Server, a client-server media player, is installed on the remote Mac OS X host.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-29 advisory.

  - When %2F was present in a manifest URL, Firefox's     AppCache behavior may have become confused and allowed a     manifest to be served from a subdirectory. This could     cause the appcache to be used to service requests for     the top level directory. This vulnerability affects     Firefox < 78. (CVE-2020-12415)

  - A VideoStreamEncoder may have been freed in a race     condition with VideoBroadcaster::AddOrUpdateSink,     resulting in a use-after-free, memory corruption, and a     potentially exploitable crash. This vulnerability     affects Firefox < 78. (CVE-2020-12416)

  - Due to confusion about ValueTags on JavaScript Objects,     an object may pass through the type barrier, resulting     in memory corruption and a potentially exploitable     crash. *Note: this issue only affects Firefox on ARM64     platforms.* This vulnerability affects Firefox ESR <     68.10, Firefox < 78, and Thunderbird < 68.10.0.
    (CVE-2020-12417)

  - Manipulating individual parts of a URL object could have     caused an out-of-bounds read, leaking process memory to     malicious JavaScript. This vulnerability affects Firefox     ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
    (CVE-2020-12418)

  - When processing callbacks that occurred during window     flushing in the parent process, the associated window     may die; causing a use-after-free condition. This could     have led to memory corruption and a potentially     exploitable crash. This vulnerability affects Firefox     ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
    (CVE-2020-12419)

  - When trying to connect to a STUN server, a race     condition could have caused a use-after-free of a     pointer, leading to memory corruption and a potentially     exploitable crash. This vulnerability affects Firefox     ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
    (CVE-2020-12420)

  - During RSA key generation, bignum implementations used a     variation of the Binary Extended Euclidean Algorithm     which entailed significantly input-dependent flow. This     allowed an attacker able to perform electromagnetic-     based side channel attacks to record traces leading to     the recovery of the secret primes. *Note:* An unmodified     Firefox browser does not generate RSA keys in normal     operation and is not affected, but products built on top     of it might. This vulnerability affects Firefox < 78.
    (CVE-2020-12402)

  - When performing add-on updates, certificate chains     terminating in non-built-in-roots were rejected (even if     they were legitimately added by an administrator.) This     could have caused add-ons to become out-of-date silently     without notification to the user. This vulnerability     affects Firefox ESR < 68.10, Firefox < 78, and     Thunderbird < 68.10.0. (CVE-2020-12421)

  - In non-standard configurations, a JPEG image created by     JavaScript could have caused an internal variable to     overflow, resulting in an out of bounds write, memory     corruption, and a potentially exploitable crash. This     vulnerability affects Firefox < 78. (CVE-2020-12422)

  - When the Windows DLL webauthn.dll was missing from the     Operating System, and a malicious one was placed in a     folder in the user's %PATH%, Firefox may have loaded the     DLL, leading to arbitrary code execution. *Note: This     issue only affects the Windows operating system; other     operating systems are unaffected.* This vulnerability     affects Firefox < 78. (CVE-2020-12423)

  - When constructing a permission prompt for WebRTC, a URI     was supplied from the content process. This URI was     untrusted, and could have been the URI of an origin that     was previously granted permission; bypassing the prompt.
    This vulnerability affects Firefox < 78.
    (CVE-2020-12424)

  - Due to confusion processing a hyphen character in     Date.parse(), a one-byte out of bounds read could have     occurred, leading to potential information disclosure.
    This vulnerability affects Firefox < 78.
    (CVE-2020-12425)

  - Mozilla developers and community members reported memory     safety bugs present in Firefox 77. Some of these bugs     showed evidence of memory corruption and we presume that     with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability     affects Firefox < 78. (CVE-2020-12426)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by multiple vulnerabilities:

  - An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory     due to an uninitialized variable, which could disclose the contents of memory. An attacker who     successfully exploited the vulnerability could view out of bound memory. (CVE-2020-1342)   
  - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An     attacker who successfully exploited this vulnerability could take control of the affected system. An     attacker could then install programs; view, change, or delete data; or create new accounts with full user     rights. (CVE-2020-1409)   
  - An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of     its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s     computer or data. (CVE-2020-1445)   
  - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle     objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted     file to perform actions in the security context of the current user. For example, the file could then take     actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2020-1446,     CVE-2020-1447)

The version of Google Chrome installed on the remote macOS host is prior to 84.0.4147.89. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_07_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 78.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-28 advisory.

  - Using object or embed tags, it was possible to frame     other websites, even if they disallowed framing using     the X-Frame-Options header.Note: This issue is     pending a CVE assignment and will be updated when one is     available. (MFSA-2020-0003)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Palo Alto GlobalProtect Agent installed on the remote macOS or Mac OS X host is prior to 4.1.11. It is, therefore, affected by an information disclosure vulnerability. Successful exploitation of this issue would allow a local authenticated attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user. The endpoint would already have to be compromised and have the ability inspect memory for obtaining these tokens.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.10.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-26 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.2.5. It is, therefore, affected by a vulnerability as referenced in the wireshark-3.2.5 advisory.

  - The GVCP dissector could go into an infinite loop. It     may be possible to make Wireshark consume excessive CPU     resources by injecting a malformed packet onto the wire     or by convincing someone to read a malformed packet     trace file. (CVE-2020-15466)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 78.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-24 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-25 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Adobe Premiere Pro is installed on the remote Mac OS X host.

The version of VMware Tools installed on the remote MacOS/MacOSX host is prior to 11.1.1. It is, therefore, affected by a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 83.0.4103.116. It is, therefore, affected by a vulnerability as referenced in the 2020_06_stable-channel-update-for-desktop_22 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Adobe Premiere Rush is installed on the remote Mac OS X host.

Cisco Webex Meetings Desktop App is installed on the remote Mac OS X host.

The version of Google Chrome installed on the remote macOS host is prior to 83.0.4103.106. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_06_stable-channel-update-for-desktop_15 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 32.0.0.371. It is therefore affected by an use after free vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to execute arbitrary code within the context of the user.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.9.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-22 advisory.

  - NSS has shown timing differences when performing DSA     signatures, which was exploitable and could eventually     leak private keys. (CVE-2020-12399)

  - When browsing a malicious page, a race condition in our     SharedWorkerService could occur and lead to a     potentially exploitable crash. (CVE-2020-12405)

  - Mozilla developer Iain Ireland discovered a missing type     check during unboxed objects removal, resulting in a     crash. We presume that with enough effort that it could     be exploited to run arbitrary code. (CVE-2020-12406)

  - Mozilla developers Tom Tung and Karl Tomlinson reported     memory safety bugs present in Firefox 68.8. Some of     these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have     been exploited to run arbitrary code. (CVE-2020-12410)

  - If Thunderbird is configured to use STARTTLS for an IMAP     server, and the server sends a PREAUTH response, then     Thunderbird will continue with an unencrypted     connection, causing email data to be sent without     protection. (CVE-2020-12398)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 83.0.4103.97. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_06_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
140605	Adobe InDesign CC < 15.1.2 Arbitrary Code Execution (APSB20-52) (macOS)	Medium
140456	Cisco Webex Meetings Client for MacOS Information Disclosure (cisco-sa-webex-info-disc-OHqg982)	Low
140405	Google Chrome < 85.0.4183.102 Multiple Vulnerabilities	Critical
140215	Slack Installed (Mac OS X)	Info
139914	Check Point Endpoint Security SandBlast Agent Installed (macOS)	Info
139869	Mozilla Thunderbird < 68.12	High
139867	Mozilla Thunderbird < 78.2	High
139793	Google Chrome < 85.0.4183.83 Multiple Vulnerabilities	Critical
139790	Mozilla Firefox ESR < 78.2	High
139788	Mozilla Firefox < 80.0	High
139786	Mozilla Firefox ESR < 68.12	High
139733	McAfee Data Loss Prevention Endpoint Agent Detection (macOS)	Info
139727	Apple Xcode < 11.5 Git Credentials Disclosure (macOS)	Medium
139694	Google Chrome < 84.0.4147.135 Vulnerability	Medium
139663	Foxit Reader 3.1.0.0111 < 3.2 Privilege Escalation (macOS)	Medium
139601	Security Updates for Microsoft Office (August 2020) (macOS)	High
139579	Adobe Reader <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48) (macOS)	High
139578	Adobe Acrobat <= 2015.006.30523 / 2017.011.30171 / 2020.001.30002 / 2020.009.20074 Multiple Vulnerabilities (APSB20-48) (macOS)	High
139572	Wireshark 3.2.x < 3.2.6 A Vulnerability (macOS)	Medium
139458	Google Chrome < 84.0.4147.125 Multiple Vulnerabilities	Critical
139456	Foxit PhantomPDF < 3.4 DoS (macOS)	Medium
139329	Foxit Reader < 4.0 Privilege Escalation (macOS)	Medium
139328	Foxit PhantomPDF < 4.0 Privilege Escalation (macOS)	Medium
139317	Mozilla Thunderbird < 78.1	High
139203	VMware Horizon View Client 5.x < 5.4.3 Privilege Escalation (VMSA-2020-0017) (macOS)	High
139202	VMware Fusion 11.x < 11.5.5 Privilege Escalation (VMSA-2020-0017)	High
139184	Mozilla Thunderbird < 68.11	High
139073	Mozilla Firefox ESR < 78.1	High
139062	Mozilla Firefox ESR < 68.11	High
139039	Mozilla Firefox < 79.0	High
139000	Google Chrome < 84.0.4147.105 Multiple Vulnerabilities	Critical
138883	Plex Media Server Installed (Mac OS X)	Info
138588	Mozilla Thunderbird < 78.0	High
138503	Security Updates for Microsoft Office Products (July 2020) (macOS)	High
138448	Google Chrome < 84.0.4147.89 Multiple Vulnerabilities	High
138444	Mozilla Firefox < 78.0.2	High
138334	Palo Alto GlobalProtect Agent <= 4.1.10 Information Disclosure (MacOS)	Low
138095	Mozilla Thunderbird < 68.10.0	High
138086	Wireshark 3.2.x < 3.2.5 A Vulnerability (macOS)	Medium
138084	Mozilla Firefox < 78.0	High
138082	Mozilla Firefox ESR < 68.10	High
137879	Adobe Premiere Pro Installed (Mac OS X)	Info
137839	VMware Tools < 11.1.1 Denial-of-Service Vulnerability (VMSA-2020-0014) (macOS)	Low
137700	Google Chrome < 83.0.4103.116 Vulnerability	Medium
137653	Adobe Premiere Rush Installed (Mac OS X)	Info
137650	Cisco Webex Meetings Desktop App Installed (Mac OS X)	Info
137634	Google Chrome < 83.0.4103.106 Multiple Vulnerabilities	Medium
137252	Adobe Flash Player for Mac <= 32.0.0.371 (APSB20-30)	Critical
137086	Mozilla Thunderbird < 68.9.0	High
137080	Google Chrome < 83.0.4103.97 Multiple Vulnerabilities	Medium

MacOS X Local Security Checks Family for Nessus