Mac OS X : Safari < 6.1.3 / 7.0.3 Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Safari installed on the remote Mac OS X host is a
version prior to 6.1.3 or 7.0.3. It is, therefore, potentially
affected by the following vulnerabilities related to the included
WebKit components :

- Unspecified errors exist that could allow memory
  corruption, application crashes and possibly arbitrary
  code execution. (CVE-2013-2871, CVE-2013-2926,
  CVE-2013-2928, CVE-2013-6625, CVE-2014-1289,
  CVE-2014-1290, CVE-2014-1291, CVE-2014-1292,
  CVE-2014-1293, CVE-2014-1294, CVE-2014-1298,
  CVE-2014-1299, CVE-2014-1300, CVE-2014-1301,
  CVE-2014-1302, CVE-2014-1303, CVE-2014-1304,
  CVE-2014-1305, CVE-2014-1307, CVE-2014-1308,
  CVE-2014-1309, CVE-2014-1310, CVE-2014-1311,
  CVE-2014-1312, CVE-2014-1313, CVE-2014-1713)

- An error exists related to IPC messages and 'WebProcess'
  that could allow an attacker to read arbitrary files.
  (CVE-2014-1297)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-14-057/
http://support.apple.com/kb/HT6181
http://www.securityfocus.com/archive/1/531708/30/0/threaded

Solution :

Upgrade to Safari 6.1.3 / 7.0.3 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true