icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Safari < 6.1.1 / 7.0.1 Multiple Vulnerabilities

Medium

Synopsis

The remote host contains a web browser that is affected by multiple security vulnerabilities.

Description

The remote host has Safari installed. Versions of Safari earlier than 6.1.1 or 7.0.1 are reportedly affected by the following vulnerabilities :

- A use-after-free error exists related to 'inline-block' rendering. (CVE-2013-2909) - Multiple, unspecified memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution. (CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5228) - Multiple information disclosure vulnerabilities exist due to an origin-validation error in which user information is auto-filled into a sub-frame from a different domain. (CVE-2013-5227)

Solution

For OS X Mavericks (v10.9) users, the upgrade to 10.9.1 includes the Safari 7.0.1 update. All others should upgrade to Safari 6.1.1 or later.