ID CVE-2015-6976 Type cve Reporter cve@mitre.org Modified 2016-12-24T02:59:00
Description
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
{"openvas": [{"lastseen": "2020-02-11T15:39:06", "bulletinFamily": "scanner", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2020-02-11T00:00:00", "published": "2018-05-15T00:00:00", "id": "OPENVAS:1361412562310813191", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813191", "title": "Apple Mac OS X Multiple Vulnerabilities-01 (HT205375)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 (HT205375)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813191\");\n script_version(\"2020-02-11T08:37:57+0000\");\n script_cve_id(\"CVE-2014-4860\", \"CVE-2015-0235\", \"CVE-2015-0273\", \"CVE-2015-5924\",\n \"CVE-2015-5925\", \"CVE-2015-5926\", \"CVE-2015-5927\", \"CVE-2015-5933\",\n \"CVE-2015-5934\", \"CVE-2015-5936\", \"CVE-2015-5937\", \"CVE-2015-5939\",\n \"CVE-2015-5940\", \"CVE-2015-5942\", \"CVE-2015-6834\", \"CVE-2015-6835\",\n \"CVE-2015-6836\", \"CVE-2015-6837\", \"CVE-2015-6838\", \"CVE-2015-6976\",\n \"CVE-2015-6977\", \"CVE-2015-6978\", \"CVE-2015-6980\", \"CVE-2015-6984\",\n \"CVE-2015-6985\", \"CVE-2015-6991\", \"CVE-2015-6992\", \"CVE-2015-6993\",\n \"CVE-2015-6996\", \"CVE-2015-7003\", \"CVE-2015-7009\", \"CVE-2015-7010\",\n \"CVE-2015-7018\", \"CVE-2015-7024\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-11 08:37:57 +0000 (Tue, 11 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-15 15:17:32 +0530 (Tue, 15 May 2018)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 (HT205375)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details refer\n reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code, unexpected application termination, exercise unused\n EFI functions, overwrite arbitrary files and load arbitrary files.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.9.x through\n 10.9.5 prior to build 13F1134, 10.10.x through 10.10.5 prior to build 14F1021,\n and 10.11.x prior to 10.11.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade 10.11.x Apple Mac OS X to version\n 10.11.1 or apply the appropriate patch for 10.10.x and 10.9.x Apple Mac OS X\n versions. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT205375\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.(9|1[01])\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.(9|1[01])\"){\n exit(0);\n}\n\nif(osVer =~ \"^10\\.(9|10)\")\n{\n if(version_in_range(version:osVer, test_version:\"10.9\", test_version2:\"10.9.4\") ||\n version_in_range(version:osVer, test_version:\"10.10\", test_version2:\"10.10.4\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.9.5\" || osVer == \"10.10.5\")\n {\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(buildVer)\n {\n if((osVer == \"10.9.5\" && version_is_less(version:buildVer, test_version:\"13F1134\")) ||\n (osVer == \"10.10.5\" && version_is_less(version:buildVer, test_version:\"14F1021\")))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n }\n}\n\nelse if(osVer =~ \"^10\\.11\" && version_is_less(version:osVer, test_version:\"10.11.1\")){\n fix = \"10.11.1\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-02-01T00:30:14", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.9.5 or 10.10.5\nthat is missing Security Update 2015-004 or 2015-007. It is,\ntherefore, affected by multiple vulnerabilities in the following\ncomponents :\n\n - Accelerate Framework\n - apache_mod_php\n - ATS\n - Audio\n - CFNetwork\n - CoreGraphics\n - CoreText\n - EFI\n - FontParser\n - Grand Central Dispatch\n - ImageIO\n - IOAcceleratorFamily\n - Kernel\n - libarchive\n - MCX Application Restrictions\n - OpenGL\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.", "modified": "2020-02-02T00:00:00", "id": "MACOSX_SECUPD2015-007.NASL", "href": "https://www.tenable.com/plugins/nessus/86829", "published": "2015-11-10T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86829);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2015-0235\",\n \"CVE-2015-0273\",\n \"CVE-2015-4860\",\n \"CVE-2015-5924\",\n \"CVE-2015-5925\",\n \"CVE-2015-5926\",\n \"CVE-2015-5927\",\n \"CVE-2015-5932\",\n \"CVE-2015-5933\",\n \"CVE-2015-5934\",\n \"CVE-2015-5935\",\n \"CVE-2015-5936\",\n \"CVE-2015-5937\",\n \"CVE-2015-5938\",\n \"CVE-2015-5939\",\n \"CVE-2015-5940\",\n \"CVE-2015-5942\",\n \"CVE-2015-5944\",\n \"CVE-2015-6834\",\n \"CVE-2015-6835\",\n \"CVE-2015-6836\",\n \"CVE-2015-6837\",\n \"CVE-2015-6838\",\n \"CVE-2015-6975\",\n \"CVE-2015-6976\",\n \"CVE-2015-6977\",\n \"CVE-2015-6978\",\n \"CVE-2015-6984\",\n \"CVE-2015-6985\",\n \"CVE-2015-6989\",\n \"CVE-2015-6991\",\n \"CVE-2015-6992\",\n \"CVE-2015-6993\",\n \"CVE-2015-6996\",\n \"CVE-2015-7009\",\n \"CVE-2015-7010\",\n \"CVE-2015-7016\",\n \"CVE-2015-7018\",\n \"CVE-2015-7023\",\n \"CVE-2015-7035\"\n );\n script_bugtraq_id(\n 69477,\n 72325,\n 72701,\n 74971,\n 76317,\n 76644,\n 76649,\n 76733,\n 76734,\n 76738,\n 77162,\n 77263,\n 77265,\n 77266,\n 77270\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-10-21-4\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)\");\n script_summary(english:\"Checks for the presence of Security Update 2015-004 and 2015-007.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.9.5 or 10.10.5\nthat is missing Security Update 2015-004 or 2015-007. It is,\ntherefore, affected by multiple vulnerabilities in the following\ncomponents :\n\n - Accelerate Framework\n - apache_mod_php\n - ATS\n - Audio\n - CFNetwork\n - CoreGraphics\n - CoreText\n - EFI\n - FontParser\n - Grand Central Dispatch\n - ImageIO\n - IOAcceleratorFamily\n - Kernel\n - libarchive\n - MCX Application Restrictions\n - OpenGL\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205375\");\n # https://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7e01da3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2015-004 / 2015-007 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\n# Advisory states that update 2015-004 is available for 10.10.5 and update 2015-007 is available for 10.9.5\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.(9|10)\\.5([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9.5 or Mac OS X 10.10.5\");\n\nif (\"10.9.5\" >< os) patch = \"2015-007\";\nelse if (\"10.10.5\" >< os) patch = \"2015-004\";\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T00:29:30", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X that is 10.9.5 or\nlater but prior to 10.11.1 It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - Accelerate Framework (CVE-2015-5940)\n\n - apache_mod_php (CVE-2015-0235, CVE-2015-0273,\n CVE-2015-6834, CVE-2015-6835, CVE-2015-6836,\n CVE-2015-6837, CVE-2015-6838)\n\n - ATS (CVE-2015-6985)\n\n - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003)\n\n - Bom (CVE-2015-7006)\n\n - CFNetwork (CVE-2015-7023)\n\n - configd (CVE-2015-7015)\n\n - CoreGraphics (CVE-2015-5925, CVE-2015-5926)\n\n - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992,\n CVE-2015-7017)\n\n - Directory Utility (CVE-2015-6980)\n\n - Disk Images (CVE-2015-6995)\n\n - EFI (CVE-2015-7035)\n\n - File Bookmark (CVE-2015-6987)\n\n - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976,\n CVE-2015-6977, CVE-2015-6978, CVE-2015-6990,\n CVE-2015-6991, CVE-2015-6993, CVE-2015-7008,\n CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)\n\n - Grand Central Dispatch (CVE-2015-6989)\n\n - Graphics Drivers (CVE-2015-7019, CVE-2015-7020,\n CVE-2015-7021)\n\n - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937,\n CVE-2015-5938, CVE-2015-5939)\n\n - IOAcceleratorFamily (CVE-2015-6996)\n\n - IOHIDFamily (CVE-2015-6974)\n\n - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994)\n\n - libarchive (CVE-2015-6984)\n\n - MCX Application Restrictions (CVE-2015-7016)\n\n - Net-SNMP (CVE-2014-3565, CVE-2012-6151)\n\n - OpenGL (CVE-2015-5924)\n\n - OpenSSH (CVE-2015-6563)\n\n - Sandbox (CVE-2015-5945)\n\n - Script Editor (CVE-2015-7007)\n\n - Security (CVE-2015-6983, CVE-2015-7024)\n\n - SecurityAgent (CVE-2015-5943)\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.", "modified": "2020-02-02T00:00:00", "id": "MACOSX_10_11_1.NASL", "href": "https://www.tenable.com/plugins/nessus/86654", "published": "2015-10-29T00:00:00", "title": "Mac OS X < 10.11.1 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86654);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2012-6151\",\n \"CVE-2014-3565\",\n \"CVE-2015-0235\",\n \"CVE-2015-0273\",\n \"CVE-2015-5924\",\n \"CVE-2015-5925\",\n \"CVE-2015-5926\",\n \"CVE-2015-5927\",\n \"CVE-2015-5932\",\n \"CVE-2015-5933\",\n \"CVE-2015-5934\",\n \"CVE-2015-5935\",\n \"CVE-2015-5936\",\n \"CVE-2015-5937\",\n \"CVE-2015-5938\",\n \"CVE-2015-5939\",\n \"CVE-2015-5940\",\n \"CVE-2015-5942\",\n \"CVE-2015-5943\",\n \"CVE-2015-5944\",\n \"CVE-2015-5945\",\n \"CVE-2015-6563\",\n \"CVE-2015-6834\",\n \"CVE-2015-6835\",\n \"CVE-2015-6836\",\n \"CVE-2015-6837\",\n \"CVE-2015-6838\",\n \"CVE-2015-6974\",\n \"CVE-2015-6975\",\n \"CVE-2015-6976\",\n \"CVE-2015-6977\",\n \"CVE-2015-6978\",\n \"CVE-2015-6980\",\n \"CVE-2015-6983\",\n \"CVE-2015-6984\",\n \"CVE-2015-6985\",\n \"CVE-2015-6987\",\n \"CVE-2015-6988\",\n \"CVE-2015-6989\",\n \"CVE-2015-6990\",\n \"CVE-2015-6991\",\n \"CVE-2015-6992\",\n \"CVE-2015-6993\",\n \"CVE-2015-6994\",\n \"CVE-2015-6995\",\n \"CVE-2015-6996\",\n \"CVE-2015-7003\",\n \"CVE-2015-7006\",\n \"CVE-2015-7007\",\n \"CVE-2015-7008\",\n \"CVE-2015-7009\",\n \"CVE-2015-7010\",\n \"CVE-2015-7015\",\n \"CVE-2015-7016\",\n \"CVE-2015-7017\",\n \"CVE-2015-7018\",\n \"CVE-2015-7019\",\n \"CVE-2015-7020\",\n \"CVE-2015-7021\",\n \"CVE-2015-7023\",\n \"CVE-2015-7024\",\n \"CVE-2015-7035\"\n );\n script_bugtraq_id(\n 64048,\n 69477,\n 72325,\n 72701,\n 74971,\n 76317,\n 76644,\n 76649,\n 76733,\n 76734,\n 76738,\n 77263,\n 77265,\n 77266,\n 77270\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-10-21-4\");\n\n script_name(english:\"Mac OS X < 10.11.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.9.5 or\nlater but prior to 10.11.1 It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - Accelerate Framework (CVE-2015-5940)\n\n - apache_mod_php (CVE-2015-0235, CVE-2015-0273,\n CVE-2015-6834, CVE-2015-6835, CVE-2015-6836,\n CVE-2015-6837, CVE-2015-6838)\n\n - ATS (CVE-2015-6985)\n\n - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003)\n\n - Bom (CVE-2015-7006)\n\n - CFNetwork (CVE-2015-7023)\n\n - configd (CVE-2015-7015)\n\n - CoreGraphics (CVE-2015-5925, CVE-2015-5926)\n\n - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992,\n CVE-2015-7017)\n\n - Directory Utility (CVE-2015-6980)\n\n - Disk Images (CVE-2015-6995)\n\n - EFI (CVE-2015-7035)\n\n - File Bookmark (CVE-2015-6987)\n\n - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976,\n CVE-2015-6977, CVE-2015-6978, CVE-2015-6990,\n CVE-2015-6991, CVE-2015-6993, CVE-2015-7008,\n CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)\n\n - Grand Central Dispatch (CVE-2015-6989)\n\n - Graphics Drivers (CVE-2015-7019, CVE-2015-7020,\n CVE-2015-7021)\n\n - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937,\n CVE-2015-5938, CVE-2015-5939)\n\n - IOAcceleratorFamily (CVE-2015-6996)\n\n - IOHIDFamily (CVE-2015-6974)\n\n - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994)\n\n - libarchive (CVE-2015-6984)\n\n - MCX Application Restrictions (CVE-2015-7016)\n\n - Net-SNMP (CVE-2014-3565, CVE-2012-6151)\n\n - OpenGL (CVE-2015-5924)\n\n - OpenSSH (CVE-2015-6563)\n\n - Sandbox (CVE-2015-5945)\n\n - Script Editor (CVE-2015-7007)\n\n - Security (CVE-2015-6983, CVE-2015-7024)\n\n - SecurityAgent (CVE-2015-5943)\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205375\");\n # https://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7e01da3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.11.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari User-Assisted Applescript Exec Attack');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Cannot determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\n\nif (\n version !~ \"^10\\.11([^0-9]|$)\"\n) audit(AUDIT_OS_NOT, \"Mac OS X 10.11 or later\", \"Mac OS X \"+version);\n\nfixed_version = \"10.11.1\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected since it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\nAPPLE-SA-2015-10-21-1 iOS 9.1\r\n\r\niOS 9.1 is now available and addresses the following:\r\n\r\nAccelerate Framework\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in the Accelerate\r\nFramework in multi-threading mode. This issue was addressed through\r\nimproved accessor element validation and improved object locking.\r\nCVE-ID\r\nCVE-2015-5940 : Apple\r\n\r\nBom\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Unpacking a maliciously crafted archive may lead to\r\narbitrary code execution\r\nDescription: A file traversal vulnerability existed in the handling\r\nof CPIO archives. This issue was addressed through improved\r\nvalidation of metadata.\r\nCVE-ID\r\nCVE-2015-7006 : Mark Dowd at Azimuth Security\r\n\r\nCFNetwork\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to cookies\r\nbeing overwritten\r\nDescription: A parsing issue existed when handling cookies with\r\ndifferent letter casing. This issue was addressed through improved\r\nparsing.\r\nCVE-ID\r\nCVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of\r\nTsinghua University, Jian Jiang of University of California,\r\nBerkeley, Haixin Duan of Tsinghua University and International\r\nComputer Science Institute, Shuo Chen of Microsoft Research Redmond,\r\nTao Wan of Huawei Canada, Nicholas Weaver of International Computer\r\nScience Institute and University of California, Berkeley, coordinated\r\nvia CERT/CC\r\n\r\nconfigd\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to elevate privileges\r\nDescription: A heap based buffer overflow issue existed in the DNS\r\nclient library. A malicious application with the ability to spoof\r\nresponses from the local configd service may have been able to cause\r\narbitrary code execution in DNS clients.\r\nCVE-ID\r\nCVE-2015-7015 : PanguTeam\r\n\r\nCoreGraphics\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in\r\nCoreGraphics. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5925 : Apple\r\nCVE-2015-5926 : Apple\r\n\r\nCoreText\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nDisk Images\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in the parsing of\r\ndisk images. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6995 : Ian Beer of Google Project Zero\r\n\r\nFontParser\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-5927 : Apple\r\nCVE-2015-5942\r\nCVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero\r\nDay Initiative\r\nCVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nGasGauge\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with kernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-6979 : PanguTeam\r\n\r\nGrand Central Dispatch\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted package may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed when handling\r\ndispatch calls. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6989 : Apple\r\n\r\nGraphics Driver\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Executing a malicious application may result in arbitrary\r\ncode execution within the kernel\r\nDescription: A type confusion issue existed in AppleVXD393. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team\r\n\r\nImageIO\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted image file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nparsing of image metadata. These issues was addressed through\r\nimproved metadata validation.\r\nCVE-ID\r\nCVE-2015-5935 : Apple\r\nCVE-2015-5936 : Apple\r\nCVE-2015-5937 : Apple\r\nCVE-2015-5939 : Apple\r\n\r\nIOAcceleratorFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in\r\nIOAcceleratorFamily. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6996 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with kernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-6974 : Luca Todesco (@qwertyoruiop)\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local application may be able to cause a denial of service\r\nDescription: An input validation issue existed in the kernel. This\r\nissue was addressed through improved input validation.\r\nCVE-ID\r\nCVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker with a privileged network position may be able\r\nto execute arbitrary code\r\nDescription: An uninitialized memory issue existed in the kernel.\r\nThis issue was addressed through improved memory initialization.\r\nCVE-ID\r\nCVE-2015-6988 : The Brainy Code Scanner (m00nbsd)\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local application may be able to cause a denial of service\r\nDescription: An issue existed when reusing virtual memory. This\r\nissue was addressed through improved validation.\r\nCVE-ID\r\nCVE-2015-6994 : Mark Mentovai of Google Inc.\r\n\r\nNotification Center\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Phone and Messages notifications may appear on the lock\r\nscreen even when disabled\r\nDescription: When "Show on Lock Screen" was turned off for Phone or\r\nMessages, configuration changes were not immediately applied. This\r\nissue was addressed through improved state management.\r\nCVE-ID\r\nCVE-2015-7000 : William Redwood of Hampton School\r\n\r\nOpenGL\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in OpenGL. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5924 : Apple\r\n\r\nSecurity\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to overwrite arbitrary\r\nfiles\r\nDescription: A double free issue existed in the handling of\r\nAtomicBufferedFile descriptors. This issue was addressed through\r\nimproved validation of AtomicBufferedFile descriptors.\r\nCVE-ID\r\nCVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey\r\nUlanov from the Chrome Team\r\n\r\nSecurity\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker may be able to make a revoked certificate appear\r\nvalid\r\nDescription: A validation issue existed in the OCSP client. This\r\nissue was addressed by checking the OCSP certificate's expiration\r\ntime.\r\nCVE-ID\r\nCVE-2015-6999 : Apple\r\n\r\nSecurity\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A trust evaluation configured to require revocation checking\r\nmay succeed even if revocation checking fails\r\nDescription: The kSecRevocationRequirePositiveResponse flag was\r\nspecified but not implemented. This issue was addressed by\r\nimplementing the flag.\r\nCVE-ID\r\nCVE-2015-6997 : Apple\r\n\r\nTelephony\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to leak sensitive user\r\ninformation\r\nDescription: An issue existed in the authorization checks for\r\nquerying phone call status. This issue was addressed through\r\nadditional authorization state queries.\r\nCVE-ID\r\nCVE-2015-7022 : Andreas Kurtz of NESO Security Labs\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5928 : Apple\r\nCVE-2015-5929 : Apple\r\nCVE-2015-5930 : Apple\r\nCVE-2015-6981\r\nCVE-2015-6982\r\nCVE-2015-7002 : Apple\r\nCVE-2015-7005 : Apple\r\nCVE-2015-7012 : Apple\r\nCVE-2015-7014\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "9.1".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "modified": "2015-10-25T00:00:00", "published": "2015-10-25T00:00:00", "id": "SECURITYVULNS:DOC:32563", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32563", "title": "APPLE-SA-2015-10-21-1 iOS 9.1", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "description": "\r\n\r\nAPPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update\r\n2015-007\r\n\r\nOS X El Capitan 10.11.1 and Security Update 2015-007 are now\r\navailable and address the following:\r\n\r\nAccelerate Framework\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in the Accelerate\r\nFramework in multi-threading mode. This issue was addressed through\r\nimproved accessor element validation and improved object locking.\r\nCVE-ID\r\nCVE-2015-5940 : Apple\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Multiple vulnerabilities in PHP\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.29 and 5.4.45. These were addressed by updating PHP to\r\nversions 5.5.29 and 5.4.45.\r\nCVE-ID\r\nCVE-2015-0235\r\nCVE-2015-0273\r\nCVE-2015-6834\r\nCVE-2015-6835\r\nCVE-2015-6836\r\nCVE-2015-6837\r\nCVE-2015-6838\r\n\r\nATS\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Visiting a maliciously crafted webpage may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in ATS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-6985 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nAudio\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode\r\nDescription: An uninitialized memory issue existed in coreaudiod.\r\nThis issue was addressed through improved memory initialization.\r\nCVE-ID\r\nCVE-2015-7003 : Mark Brand of Google Project Zero\r\n\r\nAudio\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Playing a malicious audio file may lead to arbitrary code\r\nexecution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of audio files. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5933 : Apple\r\nCVE-2015-5934 : Apple\r\n\r\nBom\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: Unpacking a maliciously crafted archive may lead to\r\narbitrary code execution\r\nDescription: A file traversal vulnerability existed in the handling\r\nof CPIO archives. This issue was addressed through improved\r\nvalidation of metadata.\r\nCVE-ID\r\nCVE-2015-7006 : Mark Dowd of Azimuth Security\r\n\r\nCFNetwork\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: Visiting a maliciously crafted website may lead to cookies\r\nbeing overwritten\r\nDescription: A parsing issue existed when handling cookies with\r\ndifferent letter casing. This issue was addressed through improved\r\nparsing.\r\nCVE-ID\r\nCVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of\r\nTsinghua University, Jian Jiang of University of California,\r\nBerkeley, Haixin Duan of Tsinghua University and International\r\nComputer Science Institute, Shuo Chen of Microsoft Research Redmond,\r\nTao Wan of Huawei Canada, Nicholas Weaver of International Computer\r\nScience Institute and University of California, Berkeley, coordinated\r\nvia CERT/CC\r\n\r\nconfigd\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application may be able to elevate privileges\r\nDescription: A heap based buffer overflow issue existed in the DNS\r\nclient library. A malicious application with the ability to spoof\r\nresponses from the local configd service may have been able to cause\r\narbitrary code execution in DNS clients.\r\nCVE-ID\r\nCVE-2015-7015 : PanguTeam\r\n\r\nCoreGraphics\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in\r\nCoreGraphics. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5925 : Apple\r\nCVE-2015-5926 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-5944 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nDisk Images\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in the parsing of\r\ndisk images. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6995 : Ian Beer of Google Project Zero\r\n\r\nEFI\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: An attacker can exercise unused EFI functions\r\nDescription: An issue existed with EFI argument handling. This was\r\naddressed by removing the affected functions.\r\nCVE-ID\r\nCVE-2015-7035 : Corey Kallenberg, Xeno Kovah, John Butterworth, and\r\nSam Cornwell of The MITRE Corporation, coordinated via CERT/CC\r\n\r\nFile Bookmark\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: Browsing to a folder with malformed bookmarks may cause\r\nunexpected application termination\r\nDescription: An input validation issue existed in parsing bookmark\r\nmetadata. This issue was addressed through improved validation\r\nchecks.\r\nCVE-ID\r\nCVE-2015-6987 : Luca Todesco (@qwertyoruiop)\r\n\r\nFontParser\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-5927 : Apple\r\nCVE-2015-5942\r\nCVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero\r\nDay Initiative\r\nCVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nFontParser\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nGrand Central Dispatch\r\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted package may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\ndispatch calls. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6989 : Apple\r\n\r\nGraphics Drivers\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A local user may be able to cause unexpected system\r\ntermination or read kernel memory\r\nDescription: Multiple out of bounds read issues existed in the\r\nNVIDIA graphics driver. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-7019 : Ian Beer of Google Project Zero\r\nCVE-2015-7020 : Moony Li of Trend Micro\r\n\r\nGraphics Drivers\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-7021 : Moony Li of Trend Micro\r\n\r\nImageIO\r\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\r\nImpact: Processing a maliciously crafted image file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nparsing of image metadata. These issues were addressed through\r\nimproved metadata validation.\r\nCVE-ID\r\nCVE-2015-5935 : Apple\r\nCVE-2015-5938 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Processing a maliciously crafted image file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nparsing of image metadata. These issues were addressed through\r\nimproved metadata validation.\r\nCVE-ID\r\nCVE-2015-5936 : Apple\r\nCVE-2015-5937 : Apple\r\nCVE-2015-5939 : Apple\r\n\r\nIOAcceleratorFamily\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in\r\nIOAcceleratorFamily. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6996 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with kernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-6974 : Luca Todesco (@qwertyoruiop)\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10.5\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A type confusion issue existed in the validation of\r\nMach tasks. This issue was addressed through improved Mach task\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5932 : Luca Todesco (@qwertyoruiop), Filippo Bigarella\r\n\r\nKernel\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: An attacker with a privileged network position may be able\r\nto execute arbitrary code\r\nDescription: An uninitialized memory issue existed in the kernel.\r\nThis issue was addressed through improved memory initialization.\r\nCVE-ID\r\nCVE-2015-6988 : The Brainy Code Scanner (m00nbsd)\r\n\r\nKernel\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A local application may be able to cause a denial of service\r\nDescription: An issue existed when reusing virtual memory. This\r\nissue was addressed through improved validation.\r\nCVE-ID\r\nCVE-2015-6994 : Mark Mentovai of Google Inc.\r\n\r\nlibarchive\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: A malicious application may be able to overwrite arbitrary\r\nfiles\r\nDescription: An issue existed within the path validation logic for\r\nsymlinks. This issue was addressed through improved path\r\nsanitization.\r\nCVE-ID\r\nCVE-2015-6984 : Christopher Crone of Infinit, Jonathan Schleifer\r\n\r\nMCX Application Restrictions\r\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11\r\nImpact: A developer-signed executable may acquire restricted\r\nentitlements\r\nDescription: An entitlement validation issue existed in Managed\r\nConfiguration. A developer-signed app could bypass restrictions on\r\nuse of restricted entitlements and elevate privileges. This issue was\r\naddressed through improved provisioning profile validation.\r\nCVE-ID\r\nCVE-2015-7016 : Apple\r\n\r\nNet-SNMP\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: An attacker in a privileged network position may be able to\r\ncause a denial of service\r\nDescription: Multiple issues existed in netsnmp version 5.6. These\r\nissues were addressed by using patches affecting OS X from upstream.\r\nCVE-ID\r\nCVE-2012-6151\r\nCVE-2014-3565\r\n\r\nOpenGL\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan 10.11\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in OpenGL. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5924 : Apple\r\n\r\nOpenSSH\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A local user may be able to conduct impersonation attacks\r\nDescription: A privilege separation issue existed in PAM support.\r\nThis issue was addressed with improved authorization checks.\r\nCVE-ID\r\nCVE-2015-6563 : Moritz Jodeit of Blue Frost Security GmbH\r\n\r\nSandbox\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A local user may be able to execute arbitrary code with\r\nkernel privileges\r\nDescription: An input validation issue existed when handling NVRAM\r\nparameters. This issue was addressed through improved validation.\r\nCVE-ID\r\nCVE-2015-5945 : Rich Trouton (@rtrouton), Howard Hughes Medical\r\nInstitute, Apple\r\n\r\nScript Editor\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: An attacker may trick a user into running arbitrary\r\nAppleScript\r\nDescription: In some circumstances, Script Editor did not ask for\r\nuser confirmation before executing AppleScripts. This issue was\r\naddressed by prompting for user confirmation before executing\r\nAppleScripts.\r\nCVE-ID\r\nCVE-2015-7007 : Joe Vennix of Rapid7\r\n\r\nSecurity\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application may be able to overwrite arbitrary\r\nfiles\r\nDescription: A double free issue existed in the handling of\r\nAtomicBufferedFile descriptors. This issue was addressed through\r\nimproved validation of AtomicBufferedFile descriptors.\r\nCVE-ID\r\nCVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey\r\nUlanov from the Chrome Team\r\n\r\nSecurityAgent\r\nAvailable for: OS X El Capitan 10.11\r\nImpact: A malicious application can programmatically control\r\nkeychain access prompts\r\nDescription: A method existed for applications to create synthetic\r\nclicks on keychain prompts. This was addressed by disabling synthetic\r\nclicks for keychain access windows.\r\nCVE-ID\r\nCVE-2015-5943\r\n\r\nInstallation note:\r\n\r\nOS X El Capitan v10.11.1 includes the security content of\r\nSafari 9.0.1: https://support.apple.com/kb/HT205377\r\n\r\nOS X El Capitan 10.11.1 and Security Update 2015-007 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "modified": "2015-10-25T00:00:00", "published": "2015-10-25T00:00:00", "id": "SECURITYVULNS:DOC:32566", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32566", "title": "APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "description": "Screen unlock, information disclosure, restrictions bypass, multiple memory corruptions, weak encryption, multiple vulnerabilities in different libraries.", "modified": "2015-10-25T00:00:00", "published": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14696", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14696", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "description": "Code execution, information disclosure, restrictions bypass, multiple memory corruptions, multiple libraries vulnerabilities.", "modified": "2015-10-25T00:00:00", "published": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14702", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14702", "title": "Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
