Mac OS X : Apple Safari < 6.1 Multiple Vulnerabilities

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote host contains a web browser that is affected by several

Description :

The version of Apple Safari installed on the remote Mac OS X 10.7 or
10.8 host is earlier than 6.1. It is, therefore, potentially affected
by several issues :

- A bounds-checking issue exists related to handling XML
files. (CVE-2013-1036)

- Multiple memory corruption vulnerabilities exist in
WebKit that could lead to unexpected program termination
or arbitrary code execution. (CVE-2013-1037,
CVE-2013-1038, CVE-2013-1039, CVE-2013-1040,
CVE-2013-1041, CVE-2013-1042, CVE-2013-1043,
CVE-2013-1044, CVE-2013-1045, CVE-2013-1046,
CVE-2013-1047, CVE-2013-2842, CVE-2013-5125,
CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)

- An error exists related to URL handling that could lead
to information disclosure. (CVE-2013-2848)

- A cross-site scripting issue exists in WebKit's handling
of URLs and drag-and-drop operations. (CVE-2013-5129,

- Using 'Web Inspector' could negate 'Private Browsing'
protections leading to information disclosure.

- An error exists related to the 'Reopen All Windows
from Last Session' feature that could allow a local
attacker to obtain plaintext user ID and password
information from the 'LastSession.plist' file.

See also :

Solution :

Upgrade to Apple Safari 6.1 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false