Mac OS X : Safari < 6.1 Multiple Vulnerabilities

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by several
vulnerabilities.

Description :

The version of Safari installed on the remote Mac OS X 10.7 or 10.8
host is earlier than 6.1. It is, therefore, potentially affected by
several issues :

- A bounds-checking issue exists related to handling XML
files. (CVE-2013-1036)

- Multiple memory corruption vulnerabilities exist in
WebKit that could lead to unexpected program termination
or arbitrary code execution. (CVE-2013-1037,
CVE-2013-1038, CVE-2013-1039, CVE-2013-1040,
CVE-2013-1041, CVE-2013-1042, CVE-2013-1043,
CVE-2013-1044, CVE-2013-1045, CVE-2013-1046,
CVE-2013-1047, CVE-2013-2842, CVE-2013-5125,
CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)

- An error exists related to URL handling that could lead
to information disclosure. (CVE-2013-2848)

- A cross-site scripting issue exists in WebKit's handling
of URLs and drag-and-drop operations. (CVE-2013-5129,
CVE-2013-5131)

- Using 'Web Inspector' could negate 'Private Browsing'
protections, leading to information disclosure.
(CVE-2013-5130)

- An error exists related to the 'Reopen All Windows
from Last Session' feature that could allow a local
attacker to obtain plaintext user ID and password
information from the 'LastSession.plist' file.
(CVE-2013-7127)
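The detection condition above (Mac OS X 10.7 or 10.8 with a Safari version earlier than 6.1) can be reproduced from the browser bundle's version string. The following Python is an added example, not the Tenable plugin's own code: it reads CFBundleShortVersionString from a constructed sample of Safari.app/Contents/Info.plist and compares it numerically against 6.1 so that, for instance, 6.0.5 is correctly ranked below 6.1 (a plain string comparison would not be reliable).

```python
import plistlib
from typing import Tuple

# Constructed sample Info.plist (assumed to mirror the layout of
# Safari.app/Contents/Info.plist); the values are sample data, not from a real host.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleShortVersionString</key>
  <string>6.0.5</string>
  <key>CFBundleVersion</key>
  <string>8536.30.1</string>
</dict>
</plist>
"""

FIXED_VERSION = "6.1"          # the version the advisory says to upgrade to
AFFECTED_OS = ("10.7", "10.8")  # major.minor releases named in the advisory


def parse_version(s: str) -> Tuple[int, ...]:
    """Turn '6.0.5' into (6, 0, 5); a non-numeric component raises ValueError."""
    return tuple(int(part) for part in s.strip().split("."))


def version_lt(a: str, b: str) -> bool:
    """True when version a is earlier than b; shorter tuples are zero-padded so '6.1' == '6.1.0'."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return va < vb


def safari_version_from_plist(data: bytes) -> str:
    """Extract the user-visible Safari version from Info.plist contents."""
    info = plistlib.loads(data)
    return info["CFBundleShortVersionString"]


def is_affected(os_version: str, safari_version: str) -> bool:
    """Replicates the advisory's condition: OS X 10.7/10.8 and Safari earlier than 6.1."""
    major_minor = ".".join(os_version.split(".")[:2])
    return major_minor in AFFECTED_OS and version_lt(safari_version, FIXED_VERSION)


if __name__ == "__main__":
    ver = safari_version_from_plist(SAMPLE_INFO_PLIST)
    print(f"Safari {ver} on 10.8.5 affected: {is_affected('10.8.5', ver)}")
```

On a real host the plist would be read from /Applications/Safari.app/Contents/Info.plist; only the version string changes, the comparison logic stays the same.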

See also :

http://support.apple.com/kb/HT6000
http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html
http://www.securelist.com/en/blog/8168/Loophole_in_Safari

Solution :

Upgrade to Safari 6.1 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false