Mac OS X : Safari < 6.1.2 / 7.0.2 Multiple Vulnerabilities

Medium

Synopsis

The remote host contains a web browser that is affected by multiple security vulnerabilities.

Description

The remote Mac OS X host has Safari installed that is older than 6.1.2 or 7.0.2, which means it is not patched for the following WebKit vulnerabilities:

- Unspecified memory-corruption vulnerabilities that could be leveraged to execute arbitrary code, or cause denial of service. (CVE-2014-1268, CVE-2014-1269, CVE-2014-1270)

- Use-after-free error in the 'ReplaceSelectionCommand' file which can be leveraged to execute arbitrary code, or cause denial of service (CVE-2013-6635)

Solution

OS X Mavericks (v10.9) users should upgrade to 10.9.2, which includes the Safari 7.0.2 update. All others should upgrade to Safari 6.1.2 or later.