Mac OS X : Safari < 6.0.1 Multiple Vulnerabilities

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by several
vulnerabilities.

Description :

The version of Safari installed on the remote Mac OS X host is
earlier than 6.0.1. It is, therefore, potentially affected by several
issues :

- A logic error in Safari's handling of the Quarantine
attribute caused the safe mode not to be triggered on
Quarantined files, which could lead to the disclosure
of local file contents. (CVE-2012-3713)

- A rare condition in the handling of Form Autofill could
lead to the disclosure of information from the Address
Book 'Me' card that was not included in the Autofill
popover. (CVE-2012-3714)

- A logic issue in the handling of HTTPS URLs in the
address bar when pasting text could result in the
request being sent over HTTP. (CVE-2012-3715)

- Numerous issues exist in WebKit. (CVE-2011-3105 /
CVE-2012-2817 / CVE-2012-2818 / CVE-2012-2829 /
CVE-2012-2831 / CVE-2012-2842 / CVE-2012-2843 /
CVE-2012-3598 / CVE-2012-3601 / CVE-2012-3602 /
CVE-2012-3606 / CVE-2012-3607 / CVE-2012-3612 /
CVE-2012-3613 / CVE-2012-3614 / CVE-2012-3616 /
CVE-2012-3617 / CVE-2012-3621 / CVE-2012-3622 /
CVE-2012-3623 / CVE-2012-3624 / CVE-2012-3632 /
CVE-2012-3643 / CVE-2012-3647 / CVE-2012-3648 /
CVE-2012-3649 / CVE-2012-3651 / CVE-2012-3652 /
CVE-2012-3654 / CVE-2012-3657 / CVE-2012-3658 /
CVE-2012-3659 / CVE-2012-3660 / CVE-2012-3671 /
CVE-2012-3672 / CVE-2012-3673 / CVE-2012-3675 /
CVE-2012-3676 / CVE-2012-3677 / CVE-2012-3684 /
CVE-2012-3685 / CVE-2012-3687 / CVE-2012-3688 /
CVE-2012-3692 / CVE-2012-3699 / CVE-2012-3700 /
CVE-2012-3701 / CVE-2012-3702 / CVE-2012-3703 /
CVE-2012-3704 / CVE-2012-3705 / CVE-2012-3706 /
CVE-2012-3707 / CVE-2012-3708 / CVE-2012-3709 /
CVE-2012-3710 / CVE-2012-3711 / CVE-2012-3712)

See also :

http://support.apple.com/kb/HT5502
http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html

Solution :

Upgrade to Safari 6.0.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true