Mac OS X Multiple Vulnerabilities (Security Update 2007-006)

This script is Copyright (C) 2007-2011 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update which fixes a security
issue.

Description :

The remote host is running a version of Mac OS X 10.4 or 10.3 which
does not have the security update 2007-006 applied.

This update fixes security flaws in WebKit and WebCore which might
allow an attacker to execute arbitrary code on the remote host.

To execute arbitrary code, an attacker would need to lure a user of
the remote host into visiting a malicious website containing a
specially malformed html file which would trigger a buffer overflow.

See also :

http://docs.info.apple.com/article.html?artnum=305759

Solution :

Install the security update 2007-006 :

http://www.apple.com/support/downloads/securityupdate2007006universal.html

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 25566 (macosx_SecUpd2007-006.nasl)

Bugtraq ID: 24597
24598

CVE ID: CVE-2007-2401
CVE-2007-2399