[Fed-Talk] Tenable/Nessus plugin 93685 - anyone dealing with this headache?
- Subject: [Fed-Talk] Tenable/Nessus plugin 93685 - anyone dealing with this headache?
- From: Taylor Armstrong - NOAA Affiliate <email@hidden>
- Date: Tue, 27 Sep 2016 15:03:37 -0400
Wondering if anyone is starting to tackle the best way to push back on this.
Tenable added plugin 93685 last week, and it is starting to show up in our environment.
From the description:
The remote host is running a version of Mac OS X that is 10.11.6 or later but prior to macOS 10.12. It is, therefore, affected by multiple vulnerabilities in the following components :
- apache - apache_mod_php - Apple HSSPI Support - AppleEFIRuntime - AppleMobileFileIntegrity - AppleUCC - Application Firewall - ATS - Audio - Bluetooth - cd9660 - CFNetwork - CommonCrypto - CoreCrypto - CoreDisplay - curl - Date & Time Pref Pane - DiskArbitration - File Bookmark - FontParser - IDS - Connectivity - Intel Graphics Driver - IOAcceleratorFamily - IOThunderboltFamily - Kerberos v5 PAM module - Kernel - libarchive - libxml2 - libxslt - mDNSResponder - NSSecureTextField - Perl - S2 Camera - Security - Terminal - WindowServer
Note that successful exploitation of the most serious issues can result in arbitrary code execution.
Solution
Upgrade to macOS version 10.12 or later.
Risk Factor: Critical
Obviously, 10.12 included a host of security patches. However, I'm starting to go through the list trying to validate that they're not addressed in 10.11.6 (or that they won't be by the next Security Update). There's no chance that we're going to rush to upgrade to 10.12 without a secure baseline in place.

From my perspective, this is laziness on Tenable's part: the only check is for OS version; it is not actually validating that any of the vulnerabilities are actually present on a given system. Anyone else started working on this one yet?
--
Taylor Armstrong
Contractor at NOAA
Macintosh Systems Administrator
Tel: 301-713-1156, ext 195
Fed-talk mailing list (email@hidden)
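The distinction the post draws (a version-window check versus validating what is actually installed) is easy to see in code. The following is an added example, not code from the post and not Tenable's plugin: it reproduces the version-only logic the plugin description implies (flag any host with 10.11.6 <= version < 10.12) and contrasts it with a local baseline check that also consults package receipts. The receipt identifiers, the regex, the VALIDATED_UPDATES set and the host inventory are constructed placeholders, not real Apple package IDs or real hosts; the only inputs assumed are the strings `sw_vers -productVersion` and `pkgutil --pkgs` print.

```python
"""Version-only plugin logic vs. a locally validated baseline.

Added example, not from the original post or from Tenable's plugin 93685.
All receipt IDs and hosts below are constructed placeholders.
"""
import re

AFFECTED_MIN = "10.11.6"   # "10.11.6 or later ..." (from the plugin text)
FIXED = "10.12"            # "... but prior to macOS 10.12"

# Hypothetical: receipt IDs of Security Updates the admin has validated
# against the plugin's component list. Placeholder values only.
VALIDATED_UPDATES = {
    "com.example.security-update.2016-A",
}

# Hypothetical receipt-ID pattern; real Apple receipt IDs differ.
SECURITY_UPDATE_RE = re.compile(r"^com\.example\.security-update\.")


def parse_version(text):
    """'10.11.6\\n' -> (10, 11, 6); tolerates the newline sw_vers prints."""
    return tuple(int(p) for p in text.strip().split("."))


def version_only_check(product_version):
    """Mimics the plugin: flag iff AFFECTED_MIN <= version < FIXED.

    It never looks at what is actually installed on the host.
    """
    v = parse_version(product_version)
    return parse_version(AFFECTED_MIN) <= v < parse_version(FIXED)


def parse_receipts(pkgutil_output):
    """Turn `pkgutil --pkgs` style output (one ID per line) into a set."""
    return {line.strip() for line in pkgutil_output.splitlines() if line.strip()}


def baseline_check(product_version, pkgutil_output):
    """Local baseline: same version window as the plugin, but a host that
    carries a validated Security Update receipt is 'mitigated', not 'flag'."""
    v = parse_version(product_version)
    if v >= parse_version(FIXED):
        return "not-affected"
    if v < parse_version(AFFECTED_MIN):
        return "outside-plugin-range"
    installed = {r for r in parse_receipts(pkgutil_output)
                 if SECURITY_UPDATE_RE.match(r)}
    if installed & VALIDATED_UPDATES:
        return "mitigated"
    return "flag"


# Constructed inventory: (hostname, sw_vers -productVersion, pkgutil --pkgs)
HOSTS = [
    ("mac-a", "10.11.6\n", "com.example.pkg.base\n"),
    ("mac-b", "10.11.6\n", "com.example.pkg.base\ncom.example.security-update.2016-A\n"),
    ("mac-c", "10.12\n",   "com.example.pkg.base\n"),
    ("mac-d", "10.11.5\n", "com.example.pkg.base\n"),
]


def report(hosts=HOSTS):
    """{host: (plugin_flags, baseline_verdict)} so the two views can be diffed."""
    return {name: (version_only_check(ver), baseline_check(ver, pkgs))
            for name, ver, pkgs in hosts}


if __name__ == "__main__":
    for name, (plugin, base) in report().items():
        print(f"{name}: plugin={'FLAG' if plugin else 'ok'} baseline={base}")
```

Hosts mac-a and mac-b are indistinguishable to the version-only check; only the receipt-aware baseline separates the one that carries a validated update. Which updates belong in VALIDATED_UPDATES is exactly the per-component review the post describes, and the script does not substitute for it.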