Mac OS X < 10.11 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8982

Synopsis

The remote host is missing a critical Mac OS X patch update.

Description

The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11 and is affected by multiple vulnerabilities in the following components :

- Address Book
- AirScan
- apache_mod_php
- Apple Online Store Kit
- AppleEvents
- Audio
- bash
- Certificate Trust Policy
- CFNetwork Cookies - CFNetwork FTPProtocol
- CFNetwork HTTPProtocol
- CFNetwork Proxies
- CFNetwork SSL
- CoreCrypto
- CoreText
- Dev Tools
- Disk Images
- dyld
- EFI
- Finder
- Game Center
- Heimdal
- ICU
- Install Framework Legacy
- Intel Graphics Driver
- IOAudioFamily
- IOGraphics
- IOHIDFamily
- IOStorageFamily
- Kernel
- libc
- libpthread
- libxpc
- Login Window
- lukemftpd
- Mail
- Multipeer Connectivity
- NetworkExtension
- Notes
- OpenSSH
- OpenSSL
- procmail
- remote_cmds
- removefile
- Ruby
- Safari
- Safari Downloads
- Safari Extensions
- Safari Safe Browsing
- Security
- SMB
- SQLite
- Telephony
- Terminal
- tidy
- Time Machine
- WebKit
- WebKit CSS
- WebKit JavaScript Bindings
- WebKit Page Loading
- WebKit Plug-ins

Solution

Upgrade to Mac OS X 10.11 or later.

See Also

https://support.apple.com/en-us/HT205267

Plugin Details

Severity: High

ID: 8982

Published: 2015/10/28

Modified: 2016/02/17

Dependencies: 4435

Nessus ID: 86270

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSSv3

Base Score: 8.9

Temporal Score: 7.9

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS3#E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 2015/09/16

Vulnerability Publication Date: 2015/09/16

Exploitable With

CANVAS (CANVAS)

Metasploit (Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation)

Reference Information

CVE: CVE-2013-3951, CVE-2014-2532, CVE-2014-3618, CVE-2014-6277, CVE-2014-7186, CVE-2014-7187, CVE-2014-8080, CVE-2014-8090, CVE-2014-8146, CVE-2014-8147, CVE-2014-8611, CVE-2014-9425, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-1351, CVE-2015-1352, CVE-2015-1855, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331, CVE-2015-2348, CVE-2015-2783, CVE-2015-2787, CVE-2015-3329, CVE-2015-3330, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3785, CVE-2015-5522, CVE-2015-5523, CVE-2015-5824, CVE-2015-5830, CVE-2015-5831, CVE-2015-5833, CVE-2015-5836, CVE-2015-5839, CVE-2015-5840, CVE-2015-5841, CVE-2015-5842, CVE-2015-5847, CVE-2015-5849, CVE-2015-5851, CVE-2015-5853, CVE-2015-5854, CVE-2015-5855, CVE-2015-5858, CVE-2015-5860, CVE-2015-5862, CVE-2015-5863, CVE-2015-5864, CVE-2015-5865, CVE-2015-5866, CVE-2015-5867, CVE-2015-5868, CVE-2015-5869, CVE-2015-5870, CVE-2015-5871, CVE-2015-5872, CVE-2015-5873, CVE-2015-5874, CVE-2015-5875, CVE-2015-5876, CVE-2015-5877, CVE-2015-5878, CVE-2015-5879, CVE-2015-5881, CVE-2015-5882, CVE-2015-5883, CVE-2015-5884, CVE-2015-5885, CVE-2015-5887, CVE-2015-5888, CVE-2015-5889, CVE-2015-5890, CVE-2015-5891, CVE-2015-5893, CVE-2015-5894, CVE-2015-5896, CVE-2015-5897, CVE-2015-5899, CVE-2015-5900, CVE-2015-5901, CVE-2015-5902, CVE-2015-5903, CVE-2015-5912, CVE-2015-5913, CVE-2015-5914, CVE-2015-5915, CVE-2015-5917, CVE-2015-5922

BID: 60440, 66355, 69573, 70152, 70154, 70165, 70935, 71230, 71621, 71800, 71833, 71929, 71932, 72325, 72505, 72539, 72541, 72611, 72701, 73031, 73037, 73182, 73225, 73227, 73306, 73431, 73434, 74204, 74228, 74239, 74240, 74446, 74457, 75037