Mac OS X < 10.10 Multiple Vulnerabilities (APPLE-SA-2014-10-16-1 OS X Yosemite v10.10)

Critical Nessus Network Monitor Plugin ID 8555

Synopsis

The remote host is running an outdated version of Mac OS X and is thus missing a number of security updates.

Description

Apple OS X 10.10 (Yosemite) contains fixes for the following components:
- 802.1X
- AFP File Server
- App Sandbox
- Bash
- Bluetooth
- CFPreferences
- CUPS
- Certificate Trust Policy
- CoreStorage
- Dock
- IOAcceleratorFamily
- IOHIDFamily
- IOKit
- Kernel
- LaunchServices
- LoginWindow
- MCX Desktop Config Profiles
- Mail
- NetFS Client Framework
- QuickTime
- Safari
- Secure Transport
- Code Signing
- Security
- apache
- fdesetup
- iCloud Find My Mac

Solution

Upgrade to OS X 10.10 or higher.

See Also

https://support.apple.com/kb/HT6535

Plugin Details

Severity: Critical

ID: 8555

Family: Web Clients

Published: 2014/10/20

Modified: 2016/12/06

Dependencies: 4435

Nessus ID: 78550

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 2014/10/17

Vulnerability Publication Date: 2014/10/17

Reference Information

CVE: CVE-2014-4441, CVE-2014-4444, CVE-2014-4435, CVE-2014-4391, CVE-2014-4428, CVE-2014-4427, CVE-2014-4446, CVE-2014-4431, CVE-2014-4432, CVE-2014-4440, CVE-2014-4425, CVE-2014-4417, CVE-2014-4430, CVE-2014-4437, CVE-2014-4443, CVE-2014-4442, CVE-2014-4426, CVE-2014-4438, CVE-2014-4433, CVE-2014-4439, CVE-2014-4434, CVE-2014-4436

BID: 70642, 70640, 70638, 70637, 70636, 70635, 70634, 70633, 70632, 70631, 70630, 70629, 70628, 70627, 70625, 70624, 70623, 70622, 70620, 70619, 70618, 70616, 70894