Test ID: 1.3.6.1.4.1.25623.1.0.807000
Category: Mac OS X Local Security Checks
Title: Apple Mac OS X Multiple Vulnerabilities-01 (Dec 2015)
Summary: Apple Mac OS X is prone to multiple vulnerabilities.
Description:
Summary:
Apple Mac OS X is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- an error in Bluetooth HCI interface

- an error in IOAcceleratorFamily

- an error in Disk Images component

- the System Integrity Protection feature mishandles union mounts

- the Keychain Access improperly interacts with Keychain Agent

- the Kext tools mishandle kernel-extension loading

- an error in ASN.1 decode, kernel loader in EF, IOThunderboltFamily, in File
Bookmark component

- multiple errors in Intel Graphics Driver component

- use-after-free error in Hypervisor

- a privilege issue existed in handling union mounts

- multiple vulnerabilities existed in LibreSSL

- an input validation issue existed in OpenLDAP

- an issue existed in how Keychain Access interacted with Keychain Agent

Please see the references for more information on the vulnerabilities.

Vulnerability Impact:
Successful exploitation will allow an attacker
to obtain sensitive information, execute arbitrary code, gain privileges,
cause a denial of service, perform spoofing, and bypass protection mechanisms.

Affected Software/OS:
Apple Mac OS X versions 10.11 to 10.11.1,
10.9.x through 10.9.5 and 10.10.x through 10.10.5.

Solution:
Upgrade to Apple Mac OS X version
10.11.2 or later, or apply Security Update 2015-005 for 10.10.x and Security
Update 2015-008 for 10.9.x. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-7044
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
http://www.securitytracker.com/id/1034344
Common Vulnerability Exposure (CVE) ID: CVE-2015-7045
http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7052
Common Vulnerability Exposure (CVE) ID: CVE-2015-7059
http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7060
Common Vulnerability Exposure (CVE) ID: CVE-2015-7061
Common Vulnerability Exposure (CVE) ID: CVE-2015-7062
Common Vulnerability Exposure (CVE) ID: CVE-2015-7063
Common Vulnerability Exposure (CVE) ID: CVE-2015-7067
Common Vulnerability Exposure (CVE) ID: CVE-2015-7071
Common Vulnerability Exposure (CVE) ID: CVE-2015-7076
Common Vulnerability Exposure (CVE) ID: CVE-2015-7077
https://www.exploit-db.com/exploits/39368/
Common Vulnerability Exposure (CVE) ID: CVE-2015-7078
https://www.exploit-db.com/exploits/39370/
Common Vulnerability Exposure (CVE) ID: CVE-2015-7106
https://www.exploit-db.com/exploits/39369/
Common Vulnerability Exposure (CVE) ID: CVE-2015-7108
https://www.exploit-db.com/exploits/39372/
Common Vulnerability Exposure (CVE) ID: CVE-2015-7109
Common Vulnerability Exposure (CVE) ID: CVE-2015-7110
https://www.exploit-db.com/exploits/39365/
Common Vulnerability Exposure (CVE) ID: CVE-2015-7105
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
BugTraq ID: 78719
http://www.securityfocus.com/bid/78719
Common Vulnerability Exposure (CVE) ID: CVE-2015-7074
Common Vulnerability Exposure (CVE) ID: CVE-2015-7075
Common Vulnerability Exposure (CVE) ID: CVE-2015-7053
Common Vulnerability Exposure (CVE) ID: CVE-2011-2895
1025920
http://securitytracker.com/id?1025920
45544
http://secunia.com/advisories/45544
45568
http://secunia.com/advisories/45568
45599
http://secunia.com/advisories/45599
45986
http://secunia.com/advisories/45986
46127
http://secunia.com/advisories/46127
48951
http://secunia.com/advisories/48951
49124
http://www.securityfocus.com/bid/49124
APPLE-SA-2012-02-01-1
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
APPLE-SA-2012-05-09-1
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
APPLE-SA-2015-12-08-1
APPLE-SA-2015-12-08-2
APPLE-SA-2015-12-08-3
APPLE-SA-2015-12-08-4
DSA-2293
http://www.debian.org/security/2011/dsa-2293
MDVSA-2011:153
http://www.mandriva.com/security/advisories?name=MDVSA-2011:153
NetBSD-SA2011-007
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc
RHSA-2011:1154
http://www.redhat.com/support/errata/RHSA-2011-1154.html
RHSA-2011:1155
http://www.redhat.com/support/errata/RHSA-2011-1155.html
RHSA-2011:1161
http://www.redhat.com/support/errata/RHSA-2011-1161.html
RHSA-2011:1834
http://www.redhat.com/support/errata/RHSA-2011-1834.html
SUSE-SU-2011:1035
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html
USN-1191-1
http://www.ubuntu.com/usn/USN-1191-1
[oss-security] 20110810 LZW decompression issues
http://www.openwall.com/lists/oss-security/2011/08/10/10
[xorg-announce] 20110810 X.Org security advisory: libXfont LZW decompression heap corruption
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html
[xorg-announce] 20110810 [ANNOUNCE] libXfont 1.4.4
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17
https://bugzilla.redhat.com/show_bug.cgi?id=725760
https://bugzilla.redhat.com/show_bug.cgi?id=727624
https://support.apple.com/HT205635
https://support.apple.com/HT205637
https://support.apple.com/HT205640
https://support.apple.com/HT205641
openSUSE-SU-2011:1299
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html
xorg-lzw-bo(69141)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69141
Common Vulnerability Exposure (CVE) ID: CVE-2015-7115
Common Vulnerability Exposure (CVE) ID: CVE-2015-7116
Common Vulnerability Exposure (CVE) ID: CVE-2015-7064
Common Vulnerability Exposure (CVE) ID: CVE-2015-7065
Common Vulnerability Exposure (CVE) ID: CVE-2015-7066
Common Vulnerability Exposure (CVE) ID: CVE-2015-7107
Common Vulnerability Exposure (CVE) ID: CVE-2015-7058
Common Vulnerability Exposure (CVE) ID: CVE-2015-7803
BugTraq ID: 76959
http://www.securityfocus.com/bid/76959
Debian Security Information: DSA-3380
http://www.debian.org/security/2015/dsa-3380
https://security.gentoo.org/glsa/201606-10
http://www.openwall.com/lists/oss-security/2015/10/05/8
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.461720
SuSE Security Announcement: SUSE-SU-2016:1145
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html
SuSE Security Announcement: openSUSE-SU-2016:0251
http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html
SuSE Security Announcement: openSUSE-SU-2016:0366
http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html
http://www.ubuntu.com/usn/USN-2786-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-7804
Common Vulnerability Exposure (CVE) ID: CVE-2015-7001
Common Vulnerability Exposure (CVE) ID: CVE-2015-7094
Common Vulnerability Exposure (CVE) ID: CVE-2015-7054
Common Vulnerability Exposure (CVE) ID: CVE-2015-7081
Common Vulnerability Exposure (CVE) ID: CVE-2015-7111
Common Vulnerability Exposure (CVE) ID: CVE-2015-7112
Common Vulnerability Exposure (CVE) ID: CVE-2015-7068
Common Vulnerability Exposure (CVE) ID: CVE-2015-7040
Common Vulnerability Exposure (CVE) ID: CVE-2015-7041
Common Vulnerability Exposure (CVE) ID: CVE-2015-7042
Common Vulnerability Exposure (CVE) ID: CVE-2015-7043
Common Vulnerability Exposure (CVE) ID: CVE-2015-7083
Common Vulnerability Exposure (CVE) ID: CVE-2015-7084
https://www.exploit-db.com/exploits/39357/
https://www.exploit-db.com/exploits/39366/
Common Vulnerability Exposure (CVE) ID: CVE-2015-7047
https://www.exploit-db.com/exploits/39371/
https://www.exploit-db.com/exploits/39373/
https://www.exploit-db.com/exploits/39374/
https://www.exploit-db.com/exploits/39375/
Common Vulnerability Exposure (CVE) ID: CVE-2015-7038
Common Vulnerability Exposure (CVE) ID: CVE-2015-7039
https://www.exploit-db.com/exploits/38917/
Common Vulnerability Exposure (CVE) ID: CVE-2012-0876
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
BugTraq ID: 52379
http://www.securityfocus.com/bid/52379
Debian Security Information: DSA-2525
http://www.debian.org/security/2012/dsa-2525
http://www.mandriva.com/security/advisories?name=MDVSA-2012:041
http://bugs.python.org/issue13703#msg151870
http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html
RedHat Security Advisories: RHSA-2012:0731
http://rhn.redhat.com/errata/RHSA-2012-0731.html
RedHat Security Advisories: RHSA-2016:0062
http://rhn.redhat.com/errata/RHSA-2016-0062.html
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://secunia.com/advisories/49504
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://www.ubuntu.com/usn/USN-1527-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
Common Vulnerability Exposure (CVE) ID: CVE-2012-1147
http://trac.wxwidgets.org/ticket/11194
http://trac.wxwidgets.org/ticket/11432
Common Vulnerability Exposure (CVE) ID: CVE-2012-1148
Common Vulnerability Exposure (CVE) ID: CVE-2015-6908
BugTraq ID: 76714
http://www.securityfocus.com/bid/76714
Debian Security Information: DSA-3356
http://www.debian.org/security/2015/dsa-3356
RedHat Security Advisories: RHSA-2015:1840
http://rhn.redhat.com/errata/RHSA-2015-1840.html
http://www.securitytracker.com/id/1033534
SuSE Security Announcement: SUSE-SU-2016:0224
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
SuSE Security Announcement: SUSE-SU-2016:0262
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
SuSE Security Announcement: openSUSE-SU-2016:0226
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
SuSE Security Announcement: openSUSE-SU-2016:0255
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
SuSE Security Announcement: openSUSE-SU-2016:0261
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
http://www.ubuntu.com/usn/USN-2742-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5333
http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html
http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html
http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded
Common Vulnerability Exposure (CVE) ID: CVE-2015-5334
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt
http://seclists.org/fulldisclosure/2015/Oct/75
Common Vulnerability Exposure (CVE) ID: CVE-2015-7046
Common Vulnerability Exposure (CVE) ID: CVE-2015-7073
Copyright: Copyright (C) 2015 Greenbone AG
