Mac OS X 10.x < 10.12.2 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9840

Synopsis

The remote host is missing a critical Mac OS X patch update.

Description

The remote host is running a version of Mac OS X version 10.x prior to 10.12.2, and is affected by multiple vulnerabilities in the following components :

- AppleGraphicsPowerManagement (CVE-2016-7609)
- Audio (CVE-2016-7658, CVE-2016-7659)
- Assets (CVE-2016-7628)
- Bluetooth (CVE-2016-7596, CVE-2016-7605, CVE-2016-7617)
- CoreCapture (CVE-2016-7604)
- CoreFoundation (CVE-2016-7663)
- CoreGraphics (CVE-2016-7627)
- CoreMedia External Displays (CVE-2016-7655)
- CoreMedia Playback (CVE-2016-7588)
- CoreStorage (CVE-2016-7603)
- CoreText (CVE-2016-7595)
- Cryptography (CVE-2016-4693)
- Directory Services (CVE-2016-7633)
- Disk Images (CVE-2016-7616)
- FontParser (CVE-2016-4691)
- Foundation (CVE-2016-7618)
- Grapher (CVE-2016-7622)
- ICU (CVE-2016-7594)
- ImageIO (CVE-2016-7643)
- Intel Graphics Driver (CVE-2016-7602)
- IOAcceleratorFamily (CVE-2016-7624)
- IOFireWireFamily (CVE-2016-7608)
- IOHIDFamily (CVE-2016-7591)
- IOKit (CVE-2016-7625, CVE-2016-7657, CVE-2016-7714)
- IOSurface (CVE-2016-7620)
- Kernel (CVE-2016-7606, CVE-2016-7607, CVE-2016-7612, CVE-2016-7615, CVE-2016-7621, CVE-2016-7637, CVE-2016-7644)
- kext tools (CVE-2016-7629)
- libarchive (CVE-2016-7619)
- OpenPAM (CVE-2016-7600)
- Power Management (CVE-2016-7661)
- Security (CVE-2016-4693, CVE-2016-7662)
- syslog (CVE-2016-7660)
WiFi (CVE-2016-7761)
- xar (CVE-2016-7742)

Solution

Upgrade to Mac OS X 10.12.2 or later.

See Also

https://support.apple.com/en-us/HT207422

https://support.apple.com/en-us/HT207423

https://support.apple.com/en-us/HT207425

Plugin Details

Severity: High

ID: 9840

Published: 12/16/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 12/13/2016

Vulnerability Publication Date: 12/13/2016

Reference Information

CVE: CVE-2016-4691, CVE-2016-4693, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604, CVE-2016-7605, CVE-2016-7606, CVE-2016-7607, CVE-2016-7608, CVE-2016-7609, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7617, CVE-2016-7618, CVE-2016-7619, CVE-2016-7620, CVE-2016-7621, CVE-2016-7622, CVE-2016-7624, CVE-2016-7625, CVE-2016-7627, CVE-2016-7628, CVE-2016-7629, CVE-2016-7633, CVE-2016-7637, CVE-2016-7643, CVE-2016-7644, CVE-2016-7655, CVE-2016-7657, CVE-2016-7658, CVE-2016-7659, CVE-2016-7660, CVE-2016-7661, CVE-2016-7662, CVE-2016-7663, CVE-2016-7714, CVE-2016-7742, CVE-2016-7761

BID: 94905, 94903