Vulnerabilities > CVE-2015-7041 - Multiple Security vulnerability in Apple Mac OS X/watchOS/iOS/tvOS

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
apple
nessus

Summary

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.

Vulnerable Configurations

Part Description Count
OS
Apple
274

Nessus

  • NASL familyMisc.
    NASL idAPPLETV_9_1.NASL
    descriptionAccording to its banner, the version of the remote Apple TV device is prior to 9.1. It is, therefore, affected by multiple vulnerabilities in the following components : - AppleMobileFileIntegrity - Compression - CoreGraphics - CoreMedia Playback - Disk Images - dyld - ImageIO - IOAcceleratorFamily - IOHIDFamily - IOKit SCSI - Kernel - libarchive - libc - libxml2 - MobileStorageMounter - OpenGL - Security - WebKit Note that only 4th generation models are affected by the vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id94050
    published2016-10-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94050
    titleApple TV < 9.1 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94050);
      script_version("1.8");
      script_cvs_date("Date: 2019/02/26  4:50:08");
    
      script_cve_id(
        "CVE-2011-2895",
        "CVE-2015-7038",
        "CVE-2015-7039",
        "CVE-2015-7040",
        "CVE-2015-7041",
        "CVE-2015-7042",
        "CVE-2015-7043",
        "CVE-2015-7047",
        "CVE-2015-7048",
        "CVE-2015-7051",
        "CVE-2015-7053",
        "CVE-2015-7054",
        "CVE-2015-7055",
        "CVE-2015-7058",
        "CVE-2015-7059",
        "CVE-2015-7060",
        "CVE-2015-7061",
        "CVE-2015-7064",
        "CVE-2015-7065",
        "CVE-2015-7066",
        "CVE-2015-7068",
        "CVE-2015-7072",
        "CVE-2015-7073",
        "CVE-2015-7074",
        "CVE-2015-7075",
        "CVE-2015-7079",
        "CVE-2015-7083",
        "CVE-2015-7084",
        "CVE-2015-7095",
        "CVE-2015-7096",
        "CVE-2015-7097",
        "CVE-2015-7098",
        "CVE-2015-7099",
        "CVE-2015-7100",
        "CVE-2015-7101",
        "CVE-2015-7102",
        "CVE-2015-7103",
        "CVE-2015-7104",
        "CVE-2015-7105",
        "CVE-2015-7109",
        "CVE-2015-7110",
        "CVE-2015-7111",
        "CVE-2015-7112",
        "CVE-2015-7115",
        "CVE-2015-7116"
      );
      script_bugtraq_id(
        49124,
        78719,
        78720,
        78725,
        78726,
        78728,
        78728,
        78732,
        78733,
        78735,
        80379
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-12-08-2");
      script_xref(name:"EDB-ID", value:"39357");
      script_xref(name:"EDB-ID", value:"38917");
    
      script_name(english:"Apple TV < 9.1 Multiple Vulnerabilities");
      script_summary(english:"Checks the build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of the remote Apple TV device is
    prior to 9.1. It is, therefore, affected by multiple vulnerabilities
    in the following components :
    
      - AppleMobileFileIntegrity
      - Compression
      - CoreGraphics
      - CoreMedia Playback
      - Disk Images
      - dyld
      - ImageIO
      - IOAcceleratorFamily
      - IOHIDFamily
      - IOKit SCSI
      - Kernel
      - libarchive
      - libc
      - libxml2
      - MobileStorageMounter
      - OpenGL
      - Security
      - WebKit
    
    Note that only 4th generation models are affected by the
    vulnerabilities.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT205640");
      # https://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?951f278f");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple TV version 9.1 or later. Note that this update is
    available only for 4th generation models.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7116");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/13");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("appletv_version.nasl");
      script_require_keys("AppleTV/Version", "AppleTV/Model", "AppleTV/URL", "AppleTV/Port");
      script_require_ports("Services/www", 7000);
    
      exit(0);
    }
    
    include("appletv_func.inc");
    include("audit.inc");
    
    url = get_kb_item('AppleTV/URL');
    if (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');
    port = get_kb_item('AppleTV/Port');
    if (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');
    
    build = get_kb_item('AppleTV/Version');
    if (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');
    
    model = get_kb_item('AppleTV/Model');
    if (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');
    
    # fix
    fixed_build = "13T402";
    tvos_ver = "9.1"; # for reporting purposes only
    
    # determine gen from the model
    gen = APPLETV_MODEL_GEN[model];
    
    appletv_check_version(
      build        : build,
      fix          : fixed_build,
      affected_gen : 4,
      fix_tvos_ver : tvos_ver,
      model        : model,
      gen          : gen,
      severity     : SECURITY_HOLE,
      port         : port,
      url          : url
    );
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_11_2.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedia Playback - Disk Images - EFI - File Bookmark - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit SCSI - IOThunderboltFamily - Kernel - kext tools - Keychain Access - libarchive - libc - libexpat - libxml2 - OpenGL - OpenLDAP - OpenSSH - QuickLook - Sandbox - Security - System Integrity Protection Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id87314
    published2015-12-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87314
    titleMac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87314);
      script_version("1.10");
      script_cvs_date("Date: 2019/11/20");
    
      script_cve_id(
        "CVE-2011-2895",
        "CVE-2012-0876",
        "CVE-2012-1147",
        "CVE-2012-1148",
        "CVE-2015-3807",
        "CVE-2015-5333",
        "CVE-2015-5334",
        "CVE-2015-6908",
        "CVE-2015-7001",
        "CVE-2015-7038",
        "CVE-2015-7039",
        "CVE-2015-7040",
        "CVE-2015-7041",
        "CVE-2015-7042",
        "CVE-2015-7043",
        "CVE-2015-7044",
        "CVE-2015-7045",
        "CVE-2015-7046",
        "CVE-2015-7047",
        "CVE-2015-7052",
        "CVE-2015-7053",
        "CVE-2015-7054",
        "CVE-2015-7058",
        "CVE-2015-7059",
        "CVE-2015-7060",
        "CVE-2015-7061",
        "CVE-2015-7062",
        "CVE-2015-7063",
        "CVE-2015-7064",
        "CVE-2015-7065",
        "CVE-2015-7066",
        "CVE-2015-7067",
        "CVE-2015-7068",
        "CVE-2015-7071",
        "CVE-2015-7073",
        "CVE-2015-7074",
        "CVE-2015-7075",
        "CVE-2015-7076",
        "CVE-2015-7077",
        "CVE-2015-7078",
        "CVE-2015-7081",
        "CVE-2015-7083",
        "CVE-2015-7084",
        "CVE-2015-7094",
        "CVE-2015-7105",
        "CVE-2015-7106",
        "CVE-2015-7107",
        "CVE-2015-7108",
        "CVE-2015-7109",
        "CVE-2015-7110",
        "CVE-2015-7111",
        "CVE-2015-7112",
        "CVE-2015-7115",
        "CVE-2015-7116",
        "CVE-2015-7803",
        "CVE-2015-7804"
      );
      script_bugtraq_id(
        49124,
        52379,
        76343,
        76714,
        76959,
        77112,
        78719,
        78721,
        78725,
        78730,
        78733,
        78735
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-12-08-3");
      script_xref(name:"EDB-ID", value:"38917");
    
      script_name(english:"Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of Mac OS X.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes multiple
    security vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X that is 10.11.x prior
    to 10.11.2. It is, therefore, affected by multiple vulnerabilities in
    the following components :
    
      - apache_mod_php
      - AppSandbox
      - Bluetooth
      - CFNetwork HTTPProtocol
      - Compression
      - Configuration Profiles
      - CoreGraphics
      - CoreMedia Playback
      - Disk Images
      - EFI
      - File Bookmark
      - Hypervisor
      - iBooks
      - ImageIO
      - Intel Graphics Driver
      - IOAcceleratorFamily
      - IOHIDFamily
      - IOKit SCSI
      - IOThunderboltFamily
      - Kernel
      - kext tools
      - Keychain Access
      - libarchive
      - libc
      - libexpat
      - libxml2
      - OpenGL
      - OpenLDAP
      - OpenSSH
      - QuickLook
      - Sandbox
      - Security
      - System Integrity Protection
    
    Note that successful exploitation of the most serious issues can
    result in arbitrary code execution.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT205579");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT205637");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Mac OS X version 10.11.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7071");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/10");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
      script_require_ports("Host/MacOSX/Version", "Host/OS");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      os = get_kb_item_or_exit("Host/OS");
      if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X");
    
      c = get_kb_item("Host/OS/Confidence");
      if (c <= 70) exit(1, "Cannot determine the host's OS with sufficient confidence.");
    }
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    match = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
    if (isnull(match)) exit(1, "Failed to parse the Mac OS X version ('" + os + "').");
    
    version = match[1];
    
    if (
      version !~ "^10\.11([^0-9]|$)"
    ) audit(AUDIT_OS_NOT, "Mac OS X 10.11 or later", "Mac OS X "+version);
    
    fixed_version = "10.11.2";
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
        {
          report = '\n  Installed version : ' + version +
                   '\n  Fixed version     : ' + fixed_version +
                   '\n';
          security_hole(port:0, extra:report);
        }
        else security_hole(0);
        exit(0);
    }
    else exit(0, "The host is not affected since it is running Mac OS X "+version+".");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-008.NASL
    descriptionThe remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-005 or 2015-008. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedia Playback - Disk Images - EFI - File Bookmark - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOAcceleratorFamily - IOHIDFamily - IOKit SCSI - IOThunderboltFamily - Kernel - kext tools - Keychain Access - libarchive - libc - libexpat - libxml2 - OpenGL - OpenLDAP - OpenSSH - QuickLook - Sandbox - Security - System Integrity Protection Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id87321
    published2015-12-11
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/87321
    titleMac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)