Mac OS X < 10.9.2 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 8138

Synopsis

The remote host is missing a Mac OS X update that fixes multiple security issues.

Description

The remote host is running a version of Mac OS X that is older than 10.9.2. The newer version contains numerous security-related fixes for the following components :

- Apache

- ATS

- Certificate Trust Policy

- CoreAnimation

- CoreText

- curl

- Data Security

- Date and Time

- File Bookmark

- Finder

- ImageIO

- NVIDIA Drivers

- PHP

- QuickLook

- QuickTime

An attacker could leverage the most serious of these issues to execute arbitrary code.

Solution

Upgrade to OS X 10.9.2 or higher.

See Also

http://support.apple.com/kb/HT6150

http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html

Plugin Details

Severity: Critical

ID: 8138

Family: Web Clients

Published: 2014/02/26

Updated: 2019/03/06

Dependencies: 1735, 8314

Nessus ID: 72687

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 2014/02/25

Vulnerability Publication Date: 2014/02/25

Reference Information

CVE: CVE-2013-1862, CVE-2013-1896, CVE-2013-4073, CVE-2013-4113, CVE-2013-4248, CVE-2013-5986, CVE-2013-5987, CVE-2013-6420, CVE-2013-6629, CVE-2014-1245, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1252, CVE-2014-1254, CVE-2014-1255, CVE-2014-1256, CVE-2014-1258, CVE-2014-1259, CVE-2014-1261, CVE-2014-1262, CVE-2014-1263, CVE-2014-1264, CVE-2014-1265, CVE-2014-1266

BID: 59826, 60843, 61128, 61129, 61776, 63676, 64225, 64525, 65113, 65208, 65738, 65777

IAVB: 2014-B-0011, 2014-B-0135