Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mac OS X < 10.10.5 Multiple Vulnerabilities

High

Synopsis

The remote host is missing a critical Mac OS X patch update.

Description

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.5. The installed version is affected by multiple vulnerabilities in the following components :

- apache (CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185) - apache_mod_php (CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148) - Apple ID OD Plug-in (CVE-2015-3799) - AppleGraphicsControl (CVE-2015-5768) - Bluetooth (CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3786, CVE-2015-3787) - bootp (CVE-2015-3778) - CloudKit (CVE-2015-3782) - CoreMedia Playback (CVE-2015-5777, CVE-2015-5778) - CoreText (CVE-2015-5761, CVE-2015-5755) - curl (CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150, CVE-2014-8151, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153) - Data Detectors Engine (CVE-2015-5750) - Date & Time pref pane (CVE-2015-3757) - Dictionary Application (CVE-2015-3774) - DiskImages (CVE-2015-3800) - dyld (CVE-2015-3760) - FontParser (CVE-2015-3804, CVE-2015-5775, CVE-2015-5756) - groff (CVE-2009-5044, CVE-2009-5078) - ImageIO (CVE-2015-5758, CVE-2015-5781, CVE-2015-5782) - Install Framework Legacy (CVE-2015-5784, CVE-2015-5754) - IOFireWireFamily (CVE-2015-3769, CVE-2015-3771, CVE-2015-3772) - IOGraphics (CVE-2015-3770, CVE-2015-5783) - IOHIDFamily (CVE-2015-5774) - Kernel (CVE-2015-3766, CVE-2015-3768, CVE-2015-5747, CVE-2015-5748, CVE-2015-3806, CVE-2015-3803, CVE-2015-3802, CVE-2015-3805, CVE-2015-3776, CVE-2015-3761) - Libc (CVE-2015-3796, CVE-2015-3797, CVE-2015-3798) - Libinfo (CVE-2015-5776) - libpthread (CVE-2015-5757) - libxml2 (CVE-2014-0191, CVE-2014-3660, CVE-2015-3807) - libxpc (CVE-2015-3795) - mail_cmds (CVE-2014-7844) - Notification Center OSX (CVE-2015-3764) - ntfs (CVE-2015-5763) - OpenSSH (CVE-2015-5600) - OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792) - perl (CVE-2013-7422) - PostgreSQL (CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244) - python (CVE-2013-7040, CVE-2013-7338, CVE-2014-1912, CVE-2014-7185, CVE-2014-9365) - QL Office (CVE-2015-5773, CVE-2015-3784) - Quartz Composer Framework (CVE-2015-5771) - Quick Look (CVE-2015-3781) - QuickTime 7 (CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751) - SceneKit (CVE-2015-5772, CVE-2015-3783) - Security (CVE-2015-3775) - SMBClient (CVE-2015-3773) - Speech UI (CVE-2015-3794) - sudo (CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2014-0106, CVE-2014-9680) - tcpdump (CVE-2014-8767, CVE-2014-8769, CVE-2014-9140) - Text Formats (CVE-2015-3762) - udf (CVE-2015-3767)

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Solution

Upgrade to Mac OS X 10.10.5 or later.