Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 6583

Synopsis

The remote host is missing a Mac OS X update that fixes a security issue.

Description

The remote host is running a version of Mac OS X 10.7 that is older than version 10.7.5. The newer version contains numerous security-related fixes for the following components :

 - Apache

 - BIND

 - CoreText

 - Data Security

 - ImageIO

 - Installer

 - International Components for Unicode

 - Kernel

 - Mail

 - PHP

 - Profile Manager

 - QuickLook

 - QuickTime

 - Ruby

 - USB

Solution

Upgrade to Mac OS X 10.7.5 or later.

See Also

http://support.apple.com/kb/HT5501

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Plugin Details

Severity: Critical

ID: 6583

Family: Generic

Published: 9/21/2012

Updated: 3/6/2019

Nessus ID: 62214, 61413

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Patch Publication Date: 9/19/2011

Vulnerability Publication Date: 7/15/2011

Exploitable With

CANVAS (CANVAS)

Metasploit (PHP CGI Argument Injection)

Reference Information

CVE: CVE-2012-1823, CVE-2011-4313, CVE-2012-0021, CVE-2011-3026, CVE-2011-3048, CVE-2011-4599, CVE-2012-1173, CVE-2012-3722, CVE-2011-3389, CVE-2011-3368, CVE-2011-3607, CVE-2012-0031, CVE-2012-0053, CVE-2012-1667, CVE-2011-4317, CVE-2012-2143, CVE-2012-1172, CVE-2012-2386, CVE-2012-0831, CVE-2012-2688, CVE-2012-2311, CVE-2012-0643, CVE-2012-0671, CVE-2012-3719, CVE-2012-3723, CVE-2012-0652, CVE-2012-3721, CVE-2012-0670, CVE-2012-0668, CVE-2012-3716

BID: 50690, 51705, 51006, 52049, 52830, 52891, 49778, 49957, 50494, 51407, 51706, 53772, 50802, 53729, 47545, 53388, 53403, 54638, 51954, 52364, 53445, 53457, 53579, 53582, 53584, 56240, 56241, 56244, 56246, 56247

IAVA: 2012-A-0189

IAVB: 2012-B-0006