Apple Mac OS X Multiple Vulnerabilities-01 July15

Published: 2015-07-10 06:46:49
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Summary:
This host is running Apple Mac OS X and is prone to multiple vulnerabilities.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exists. For details refer reference section.

Impact:
Successful exploitation will allow attacker to obtain sensitive information, execute arbitrary code, bypass intended launch restrictions and access restrictions, cause a denial of service, write to arbitrary files, execute arbitrary code with system privilege.

Affected Versions:
Apple Mac OS X versions 10.10.x before 10.10.4, 10.8.x through 10.8.5, 10.9.x through 10.9.5.

Recommendations:
Upgrade to Apple Mac OS X version 10.10.4 or later or apply security update 2015-005 for 10.9.x and 10.8.x versions. Please see the references for more information.

Solution Type:
Vendor Patch

Detection Type:
Executable

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2015-3720
https://nvd.nist.gov/vuln/detail/CVE-2015-3718
https://nvd.nist.gov/vuln/detail/CVE-2015-3716
https://nvd.nist.gov/vuln/detail/CVE-2015-3715
https://nvd.nist.gov/vuln/detail/CVE-2015-3714
https://nvd.nist.gov/vuln/detail/CVE-2015-3713
https://nvd.nist.gov/vuln/detail/CVE-2015-3712
https://nvd.nist.gov/vuln/detail/CVE-2015-3711
https://nvd.nist.gov/vuln/detail/CVE-2015-3709
https://nvd.nist.gov/vuln/detail/CVE-2015-3708
https://nvd.nist.gov/vuln/detail/CVE-2015-3707
https://nvd.nist.gov/vuln/detail/CVE-2015-3706
https://nvd.nist.gov/vuln/detail/CVE-2015-3705
https://nvd.nist.gov/vuln/detail/CVE-2015-3704
https://nvd.nist.gov/vuln/detail/CVE-2015-3702
https://nvd.nist.gov/vuln/detail/CVE-2015-3701
https://nvd.nist.gov/vuln/detail/CVE-2015-3700
https://nvd.nist.gov/vuln/detail/CVE-2015-3699
https://nvd.nist.gov/vuln/detail/CVE-2015-3698
https://nvd.nist.gov/vuln/detail/CVE-2015-3697
https://nvd.nist.gov/vuln/detail/CVE-2015-3696
https://nvd.nist.gov/vuln/detail/CVE-2015-3695
https://nvd.nist.gov/vuln/detail/CVE-2015-3693
https://nvd.nist.gov/vuln/detail/CVE-2015-3692
https://nvd.nist.gov/vuln/detail/CVE-2015-3691
https://nvd.nist.gov/vuln/detail/CVE-2015-3694
https://nvd.nist.gov/vuln/detail/CVE-2015-3689
https://nvd.nist.gov/vuln/detail/CVE-2015-3688
https://nvd.nist.gov/vuln/detail/CVE-2015-3687
https://nvd.nist.gov/vuln/detail/CVE-2015-3721
https://nvd.nist.gov/vuln/detail/CVE-2015-3719
https://nvd.nist.gov/vuln/detail/CVE-2015-3717
https://nvd.nist.gov/vuln/detail/CVE-2015-3710
https://nvd.nist.gov/vuln/detail/CVE-2015-3703
https://nvd.nist.gov/vuln/detail/CVE-2015-3690
https://nvd.nist.gov/vuln/detail/CVE-2015-3686
https://nvd.nist.gov/vuln/detail/CVE-2015-3685
https://nvd.nist.gov/vuln/detail/CVE-2015-3684
https://nvd.nist.gov/vuln/detail/CVE-2015-3683
https://nvd.nist.gov/vuln/detail/CVE-2015-3682
https://nvd.nist.gov/vuln/detail/CVE-2015-3681
https://nvd.nist.gov/vuln/detail/CVE-2015-3680
https://nvd.nist.gov/vuln/detail/CVE-2015-3679
https://nvd.nist.gov/vuln/detail/CVE-2015-3678
https://nvd.nist.gov/vuln/detail/CVE-2015-3677
https://nvd.nist.gov/vuln/detail/CVE-2015-3676
https://nvd.nist.gov/vuln/detail/CVE-2015-3675
https://nvd.nist.gov/vuln/detail/CVE-2015-3674
https://nvd.nist.gov/vuln/detail/CVE-2015-3673
https://nvd.nist.gov/vuln/detail/CVE-2015-3672
https://nvd.nist.gov/vuln/detail/CVE-2015-3671
https://nvd.nist.gov/vuln/detail/CVE-2015-0235
https://nvd.nist.gov/vuln/detail/CVE-2015-0273
https://nvd.nist.gov/vuln/detail/CVE-2015-1157
https://nvd.nist.gov/vuln/detail/CVE-2015-4000
https://nvd.nist.gov/vuln/detail/CVE-2014-8127
https://nvd.nist.gov/vuln/detail/CVE-2014-8128
https://nvd.nist.gov/vuln/detail/CVE-2014-8129
https://nvd.nist.gov/vuln/detail/CVE-2014-8130
https://nvd.nist.gov/vuln/detail/CVE-2015-1798
https://nvd.nist.gov/vuln/detail/CVE-2015-1799
https://nvd.nist.gov/vuln/detail/CVE-2015-0209
https://nvd.nist.gov/vuln/detail/CVE-2015-0286
https://nvd.nist.gov/vuln/detail/CVE-2015-0287
https://nvd.nist.gov/vuln/detail/CVE-2015-0288
https://nvd.nist.gov/vuln/detail/CVE-2015-0289
https://nvd.nist.gov/vuln/detail/CVE-2015-0293
https://nvd.nist.gov/vuln/detail/CVE-2015-3661
https://nvd.nist.gov/vuln/detail/CVE-2015-3662
https://nvd.nist.gov/vuln/detail/CVE-2015-3663
https://nvd.nist.gov/vuln/detail/CVE-2015-3666
https://nvd.nist.gov/vuln/detail/CVE-2015-3667
https://nvd.nist.gov/vuln/detail/CVE-2015-3668
https://nvd.nist.gov/vuln/detail/CVE-2013-1741
https://nvd.nist.gov/vuln/detail/CVE-2015-7036
https://nvd.nist.gov/vuln/detail/CVE-2014-8139
https://nvd.nist.gov/vuln/detail/CVE-2014-8140
https://nvd.nist.gov/vuln/detail/CVE-2014-8141

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/75493
https://www.securityfocus.com/bid/75495
https://www.securityfocus.com/bid/75491

References:

http://support.apple.com/kb/HT204942
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

Severity
High
CVSS Score
9.3
Published
2015-07-10
Modified
2019-05-03
Category
Mac OS X Local Security Checks

Free Vulnerability Scanning, Assessment and Management

Mageni's Platform is packed with all the features you need to scan, assess and manage vulnerabilities like this - it is free, open source, lightning fast, reliable and scalable.

Router
Servers
Laptop
Database
Group
Cloud

Frequently Asked Questions

No, you can scan concurrently as many assets as you want. Please note that you must be aware of the hardware requeriments of the platform to ensure a good performance.

No, you can add as many assest as you want. It doesn't matters if you have millions of assets, we won't charge you for that.

No. The software is completely free. We have no intention to charge you to use the software, in fact - it completely goes against our beliefs and business model.

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)

We generate revenue by providing support and other services for customers that require a subscription so they get guaranteed support and enterprise services. To use Mageni's Platform is completely free, with no limits at all.

Yes. Mageni understands that there are professionals and businesses that need commercial support so Mageni provides an active support subscription with everything needed to run Mageni's Platform reliably and securely. More than software, it's access to security experts, knowledge resources, security updates, and support tools you can't get anywhere else. The subscription includes:

  • Ongoing delivery
    • Patches
    • Bug fixes
    • Updates
    • Upgrades
  • Technical support
    • 24/7 availability
    • Unlimited Incidents
    • Specialty-based routing
    • Multi-Channel
  • Commitments
    • Software certifications
    • Software assurance
    • SLA

No, we don't store the information of your vulnerabilities in our servers.

Vulnerability management is the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation leads to correcting the vulnerabilities and removing the risk or a formal risk acceptance by the management of an organization. The term vulnerability management is often confused with vulnerability scanning. Despite the fact both are related, there is an important difference between the two. Vulnerability scanning consists of using a computer program to identify vulnerabilities in networks, computer infrastructure or applications. Vulnerability management is the process surrounding vulnerability scanning, also taking into account other aspects such as risk acceptance, remediation etc. Source: "Implementing a Vulnerability Management Process". SANS Institute.

I am ready to start scanning for vulnerabilities