Mac OS X < 10.9.2 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 8138

Synopsis

The remote host is missing a Mac OS X update that fixes multiple security issues.

Description

The remote host is running a version of Mac OS X that is older than 10.9.2. The newer version contains numerous security-related fixes for the following components :

 - Apache

 - ATS

 - Certificate Trust Policy

 - CoreAnimation

 - CoreText

 - curl

 - Data Security

 - Date and Time

 - File Bookmark

 - Finder

 - ImageIO

 - NVIDIA Drivers

 - PHP

 - QuickLook

 - QuickTime

An attacker could leverage the most serious of these issues to execute arbitrary code.

Solution

Upgrade to OS X 10.9.2 or higher.

See Also

http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html

http://support.apple.com/kb/HT6150

Plugin Details

Severity: Critical

ID: 8138

Family: Web Clients

Published: 2/26/2014

Updated: 3/6/2019

Nessus ID: 72687

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Patch Publication Date: 2/25/2014

Vulnerability Publication Date: 2/25/2014

Reference Information

CVE: CVE-2013-1862, CVE-2013-1896, CVE-2013-4073, CVE-2013-6629, CVE-2013-4113, CVE-2013-6420, CVE-2013-4248, CVE-2014-1266, CVE-2014-1254, CVE-2014-1262, CVE-2014-1255, CVE-2014-1256, CVE-2014-1258, CVE-2014-1261, CVE-2014-1263, CVE-2014-1265, CVE-2014-1259, CVE-2014-1264, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1245, CVE-2013-5987, CVE-2013-5986, CVE-2014-1252

BID: 59826, 61129, 60843, 63676, 64225, 61776, 61128, 65777, 65113, 65738, 64525, 65208

IAVB: 2014-B-0011, 2014-B-0135