icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons

Safari < 6.1 Multiple Security Vulnerabilities

Medium

Synopsis

The remote host contains a web browser that is affected by multiple security vulnerabilities.

Description

The remote host has Safari installed. Versions of Safari earlier than 6.1 are reportedly affected by the following vulnerabilities :

- A bounds-checking issue exists related to handling XML files. (CVE-2013-1036) - Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution. (CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128) - An error exists related to URL handling that could lead to information disclosure. (CVE-2013-2848) - A cross-site scripting issue exists in WebKit's handling of URLs and drag-and-drop operations. (CVE-2013-5129, CVE-2013-5131) - Using 'Web Inspector' could negate 'Private Browsing' protections leading to information disclosure. (CVE-2013-5130)

Solution

Upgrade to Safari 6.1 or later.