Mac OS X : Safari < 6.1.2 / 7.0.2 Multiple Memory Corruption Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
memory corruption vulnerabilities.

Description :

The version of Safari installed on the remote Mac OS X host is a
version prior to 6.1.2 or 7.0.2. It is, therefore, potentially affected
by multiple, unspecified, memory corruption vulnerabilities in WebKit
that could lead to unexpected program termination or arbitrary code
execution.

See also :

http://support.apple.com/kb/HT6145
http://lists.apple.com/archives/security-announce/2014/Feb/msg00001.html
http://www.securityfocus.com/archive/1/531264/30/0/threaded

Solution :

For Mac OS X 10.9, upgrade to 10.9.2, which includes Safari 7.0.2.
Otherwise, upgrade to Safari 6.1.2.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 72689 ()

Bugtraq ID: 65778
65779
65780
65781

CVE ID: CVE-2013-6635
CVE-2014-1268
CVE-2014-1269
CVE-2014-1270