Mac OS X : Safari < 6.1 Multiple Security Vulnerabilities

Medium

Synopsis

The remote host contains a web browser that is affected by multiple security vulnerabilities.

Description

The remote Mac OS X host has Safari installed. Versions of Safari earlier than 6.1 are reportedly affected by the following vulnerabilities:

- A bounds-checking issue exists related to handling XML files. (CVE-2013-1036)

- Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution. (CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)

- An error exists related to URL handling that could lead to information disclosure. (CVE-2013-2848)

- A cross-site scripting issue exists in WebKit's handling of URLs and drag-and-drop operations. (CVE-2013-5129, CVE-2013-5131)

- Using 'Web Inspector' could negate 'Private Browsing' protections leading to information disclosure. (CVE-2013-5130)

Solution

Upgrade to Safari 6.1 or later.