Mac OS X : Apple Safari < 6.2.5 / 7.1.5 / 8.0.5 Multiple Vulnerabilities

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Apple Safari installed on the remote Mac OS X host is
prior to 6.2.5 / 7.1.5 / 8.0.5. It is, therefore, affected by the
following vulnerabilities :

- A flaw exists in state management that can result in
the user's browsing history not being fully purged from
'history.plist' when the user clears it. (CVE-2015-1112)

- Multiple memory corruption vulnerabilities exist in
WebKit due to improperly validated user-supplied input.
A remote attacker, using a specially crafted website,
can exploit these issues to execute arbitrary code.
(CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,
CVE-2015-1122, CVE-2015-1124)

- A flaw exists in WebKit when handling credentials for
FTP URLs. A remote attacker, using a specially crafted
website, can exploit this to access resources of another
origin. (CVE-2015-1126)

- A flaw exists in state management that can cause a
user's browsing history to be indexed while in private
browsing mode. An attacker can use this to learn which
sites were visited. (CVE-2015-1127)

- A flaw exists with push notification requests while in
private browsing mode that can reveal a user's browsing
history when responding to notifications.
(CVE-2015-1128)

- A flaw in client certificate matching allows a remote
attacker, using a specially crafted website, to track a
user's web traffic. (CVE-2015-1129)

See also :

https://support.apple.com/en-us/HT204658
http://www.nessus.org/u?792fcba9

Solution :

Upgrade to Apple Safari 6.2.5 / 7.1.5 / 8.0.5 or later.
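The fixed versions above are per branch, so a naive "is the version lower than 8.0.5" test misfires: Safari 6.2.5 and 7.1.5 are fixed even though they sort below 8.0.5, while 7.0.6 is vulnerable even though it sorts above 6.2.5. The following is an added example of a branch-aware check, written for this page and not taken from the Nessus plugin; the installed version string is assumed to come from the CFBundleShortVersionString of /Applications/Safari.app/Contents/Info.plist (obtainable with `defaults read`), and versions outside the 6.x/7.x/8.x branches named in the advisory are treated as "no determination" rather than as vulnerable, which is this example's own assumption.

```python
"""Branch-aware version check for Safari < 6.2.5 / 7.1.5 / 8.0.5.

Added example, not code from Nessus or Apple. Input is assumed to be the
CFBundleShortVersionString from Safari.app's Info.plist, e.g. "8.0.4".
"""
from typing import Dict, Optional, Tuple

# Fixed version for each Safari major branch, as listed in the advisory.
FIXED_BY_BRANCH: Dict[int, Tuple[int, int, int]] = {
    6: (6, 2, 5),
    7: (7, 1, 5),
    8: (8, 0, 5),
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '8.0.4' into (8, 0, 4), padding to at least three components so
    that '6.2' compares as 6.2.0 rather than as a shorter tuple."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) < 3:
        parts = parts + (0,) * (3 - len(parts))
    return parts


def is_vulnerable(installed: str) -> Optional[bool]:
    """Return True if the installed version is below the fix for its own
    branch, False if it is at or above the fix, and None when the major
    version is not one of the branches the advisory covers (assumption:
    such hosts are not reported on the strength of this advisory alone)."""
    version = parse_version(installed)
    fixed = FIXED_BY_BRANCH.get(version[0])
    if fixed is None:
        return None
    # Tuple comparison is lexicographic, which matches dotted-version order.
    return version < fixed


def assess(installed: str) -> str:
    """Human-readable verdict naming the fixed release for the branch."""
    verdict = is_vulnerable(installed)
    if verdict is None:
        return f"Safari {installed}: not covered by this advisory"
    fixed = ".".join(str(n) for n in FIXED_BY_BRANCH[parse_version(installed)[0]])
    if verdict:
        return f"Safari {installed}: VULNERABLE, upgrade to {fixed} or later"
    return f"Safari {installed}: not affected (fix is {fixed})"


if __name__ == "__main__":
    # Constructed sample inputs; on a real host the string would be read with:
    #   defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString
    for sample in ("8.0.4", "8.0.5", "7.0.6", "7.1.5", "6.2", "6.2.5", "9.0"):
        print(assess(sample))
```

Note that 7.0.6 is reported as vulnerable while 6.2.5 is not, which is exactly the case a single global threshold gets wrong; the branch lookup is what makes the check agree with the plugin's three fixed versions.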

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
