Detections
Analytics

Mac OS X 10.x < 10.12 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9620

Synopsis

The remote host is missing a critical Mac OS X patch update.

Description

The remote host is running a version of Mac OS X version 10.x prior to 10.12, and is affected by multiple vulnerabilities in the following components :

 - apache (CVE-2016-4694)
 - apache_mod_php (CVE-2016-5768, CVE-2016-5769, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6174, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297)
 - Apple HSSPI Support (CVE-2016-4697)
 - AppleEFIRuntime (CVE-2016-4696)
 - AppleMobileFileIntegrity (CVE-2016-4698)
 - AppleUUC (CVE-2016-4699, CVE-2016-4700)
 - Application Firewall (CVE-2016-4701)
 - ATS (CVE-2016-4779)
 - Audio (CVE-2016-4702)
 - Bluetooth (CVE-2016-4703)
 - cd9660 (CVE-2016-4706)
 - CFNetwork (CVE-2016-4707, CVE-2016-4708)
 - CommonCrypto (CVE-2016-4711)
 - CoreCrypto (CVE-2016-4712)
 - CoreDisplay (CVE-2016-4713)
 - curl (CVE-2016-0755, CVE-2016-4606)
 - Date & Time Pref Pane (CVE-2016-4715)
 - DiskArbitration (CVE-2016-4716)
 - File Bookmark (CVE-2016-4717)
 - FontParser (CVE-2016-4718)
 - IDS - Connectivity (CVE-2016-4722)
 - Intel Graphics Driver (CVE-2016-4723, CVE-2016-7582)
 - IOAcceleratorFamily (CVE-2016-4724, CVE-2016-4725, CVE-2016-4726)
 - IOThunderboltFamily (CVE-2016-4727)
 - Kerberos v5 PAM module (CVE-2016-4745)
 - Kernel (CVE-2016-4771, CVE-2016-4772, CVE-2016-4773, CVE-2016-4774, CVE-2016-4775, CVE-2016-4776, CVE-2016-4777, CVE-2016-4778)
 - lib archive (CVE-2016-4736)
 - libxml2 (CVE-2016-4658, CVE-2016-5131)
 - libxpc (CVE-2016-4617)
 - libxslt (CVE-2016-4738)
 - mDNSResponder (CVE-2016-4739)
 - NSSecureTextField (CVE-2016-4742)
 - Perl (CVE-2016-4748, CVE-2016-4750)
 - Security (CVE-2016-4752, CVE-2016-4753)
 - Terminal (CVE-2016-4755)
 - WindowServer (CVE-2016-4709, CVE-2016-4710)

Solution

Upgrade to Mac OS X 10.12 or later.

See Also

https://support.apple.com/en-us/HT207170

Plugin Details

Severity: Critical

ID: 9620

Published: 10/21/2016

Updated: 3/6/2019

Nessus ID: 93685

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 9/18/2016

Vulnerability Publication Date: 9/20/2016

Reference Information

CVE: CVE-2016-0755, CVE-2016-4606, CVE-2016-4617, CVE-2016-4658, CVE-2016-4694, CVE-2016-4696, CVE-2016-4697, CVE-2016-4698, CVE-2016-4699, CVE-2016-4700, CVE-2016-4701, CVE-2016-4702, CVE-2016-4703, CVE-2016-4706, CVE-2016-4707, CVE-2016-4708, CVE-2016-4709, CVE-2016-4710, CVE-2016-4711, CVE-2016-4712, CVE-2016-4713, CVE-2016-4715, CVE-2016-4716, CVE-2016-4717, CVE-2016-4718, CVE-2016-4722, CVE-2016-4723, CVE-2016-4724, CVE-2016-4725, CVE-2016-4726, CVE-2016-4727, CVE-2016-4736, CVE-2016-4738, CVE-2016-4739, CVE-2016-4742, CVE-2016-4745, CVE-2016-4748, CVE-2016-4750, CVE-2016-4752, CVE-2016-4753, CVE-2016-4755, CVE-2016-4771, CVE-2016-4772, CVE-2016-4773, CVE-2016-4774, CVE-2016-4775, CVE-2016-4776, CVE-2016-4777, CVE-2016-4778, CVE-2016-4779, CVE-2016-5131, CVE-2016-5768, CVE-2016-5769, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6174, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7582

BID: 93054