Detections
Analytics

Mac OS X 10.x < 10.12.2 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9840

Synopsis

The remote host is missing a critical Mac OS X patch update.

Description

The remote host is running a version of Mac OS X version 10.x prior to 10.12.2, and is affected by multiple vulnerabilities in the following components :

 - AppleGraphicsPowerManagement (CVE-2016-7609)
 - Audio (CVE-2016-7658, CVE-2016-7659)
 - Assets (CVE-2016-7628)
 - Bluetooth (CVE-2016-7596, CVE-2016-7605, CVE-2016-7617)
 - CoreCapture (CVE-2016-7604)
 - CoreFoundation (CVE-2016-7663)
 - CoreGraphics (CVE-2016-7627)
 - CoreMedia External Displays (CVE-2016-7655)
 - CoreMedia Playback (CVE-2016-7588)
 - CoreStorage (CVE-2016-7603)
 - CoreText (CVE-2016-7595)
 - Cryptography (CVE-2016-4693)
 - Directory Services (CVE-2016-7633)
 - Disk Images (CVE-2016-7616)
 - FontParser (CVE-2016-4691)
 - Foundation (CVE-2016-7618)
 - Grapher (CVE-2016-7622)
 - ICU (CVE-2016-7594)
 - ImageIO (CVE-2016-7643)
 - Intel Graphics Driver (CVE-2016-7602)
 - IOAcceleratorFamily (CVE-2016-7624)
 - IOFireWireFamily (CVE-2016-7608)
 - IOHIDFamily (CVE-2016-7591)
 - IOKit (CVE-2016-7625, CVE-2016-7657, CVE-2016-7714)
 - IOSurface (CVE-2016-7620)
 - Kernel (CVE-2016-7606, CVE-2016-7607, CVE-2016-7612, CVE-2016-7615, CVE-2016-7621, CVE-2016-7637, CVE-2016-7644)
 - kext tools (CVE-2016-7629)
 - libarchive (CVE-2016-7619)
 - OpenPAM (CVE-2016-7600)
 - Power Management (CVE-2016-7661)
 - Security (CVE-2016-4693, CVE-2016-7662)
 - syslog (CVE-2016-7660)
 WiFi (CVE-2016-7761)
 - xar (CVE-2016-7742)

Solution

Upgrade to Mac OS X 10.12.2 or later.

See Also

https://support.apple.com/en-us/HT207422

https://support.apple.com/en-us/HT207423

https://support.apple.com/en-us/HT207425

Plugin Details

Severity: High

ID: 9840

Published: 12/16/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 12/13/2016

Vulnerability Publication Date: 12/13/2016

Reference Information

CVE: CVE-2016-4691, CVE-2016-4693, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604, CVE-2016-7605, CVE-2016-7606, CVE-2016-7607, CVE-2016-7608, CVE-2016-7609, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7617, CVE-2016-7618, CVE-2016-7619, CVE-2016-7620, CVE-2016-7621, CVE-2016-7622, CVE-2016-7624, CVE-2016-7625, CVE-2016-7627, CVE-2016-7628, CVE-2016-7629, CVE-2016-7633, CVE-2016-7637, CVE-2016-7643, CVE-2016-7644, CVE-2016-7655, CVE-2016-7657, CVE-2016-7658, CVE-2016-7659, CVE-2016-7660, CVE-2016-7661, CVE-2016-7662, CVE-2016-7663, CVE-2016-7714, CVE-2016-7742, CVE-2016-7761

BID: 94905, 94903