Mac OS X : Apple Safari < 6.1.2 / 7.0.2 Multiple Memory Corruption Vulnerabilities

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
memory corruption vulnerabilities.

Description :

The version of Apple Safari installed on the remote Mac OS X host is
a version prior to 6.1.2 or 7.0.2. It is, therefore, potentially
affected by multiple, unspecified, memory corruption vulnerabilities
in WebKit that could lead to unexpected program termination or
arbitrary code execution.

See also :

http://support.apple.com/kb/HT6145
http://lists.apple.com/archives/security-announce/2014/Feb/msg00001.html
http://www.securityfocus.com/archive/1/531264/30/0/threaded

Solution :

For Mac OS X 10.9, upgrade to 10.9.2, which includes Apple Safari
7.0.2. Otherwise, upgrade to Apple Safari 6.1.2.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 72689 ()

Bugtraq ID: 65778
65779
65780
65781

CVE ID: CVE-2013-6635
CVE-2014-1268
CVE-2014-1269
CVE-2014-1270