Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 9327

Synopsis

The remote host is missing a critical Mac OS X patch update.

Description

The remote host is running a version of Mac OS X version 10.11.x prior to 10.11.4 and is affected by multiple vulnerabilities in the following components :

- apache_mod_php
- AppleRAID
- AppleUSBNetworking
- Bluetooth
- Carbon
- dyld
- FontParser
- HTTPProtocol
- Intel Graphics Driver
- IOFireWireFamily
- IOGraphics
- IOHIDFamily
- IOUSBFamily
- Kernel
- libxml2
- Messages
- NVIDIA Graphics Drivers
- OpenSSH
- OpenSSL
- Python
- QuickTime
- Reminders
- Ruby
- Security
- Tcl
- TrueTypeScaler
- Wi-Fi

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Solution

Upgrade to Mac OS X 10.11.4 or later.

See Also

https://support.apple.com/en-us/HT206167

http://www.nessus.org/u?6c87f79a

Plugin Details

Severity: Critical

ID: 9327

File Name: 9327.prm

Published: 2016/05/27

Modified: 2016/06/15

Dependencies: 4435

Nessus ID: 90096

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 2016/03/26

Vulnerability Publication Date: 2016/03/21

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2014-9495, CVE-2015-0973, CVE-2015-1819, CVE-2015-3195, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500, CVE-2015-7551, CVE-2015-7942, CVE-2015-8035, CVE-2015-8126, CVE-2015-8242, CVE-2015-8472, CVE-2015-8659, CVE-2016-0777, CVE-2016-0778, CVE-2016-0801, CVE-2016-0802, CVE-2016-1732, CVE-2016-1733, CVE-2016-1734, CVE-2016-1735, CVE-2016-1736, CVE-2016-1737, CVE-2016-1738, CVE-2016-1740, CVE-2016-1741, CVE-2016-1743, CVE-2016-1744, CVE-2016-1745, CVE-2016-1746, CVE-2016-1747, CVE-2016-1748, CVE-2016-1749, CVE-2016-1750, CVE-2016-1752, CVE-2016-1753, CVE-2016-1754, CVE-2016-1755, CVE-2016-1756, CVE-2016-1757, CVE-2016-1758, CVE-2016-1759, CVE-2016-1761, CVE-2016-1762, CVE-2016-1764, CVE-2016-1767, CVE-2016-1768, CVE-2016-1769, CVE-2016-1770, CVE-2016-1773, CVE-2016-1775, CVE-2016-1788, CVE-2016-1950

BID: 71820, 71994, 75570, 77390, 77568, 77681, 78624, 78626, 79507, 79509, 79536, 79562, 80438, 80695, 80698