This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote host contains a web browser that is affected by multiple
The version of Apple Safari installed on the remote Mac OS X host is
prior to 6.2.5 / 7.1.5 / 8.0.5. It is, therefore, affected by the
following vulnerabilities :
- A flaw exists in the state management which can result
in the user's browser history not being fully purged
from 'history.plist'. (CVE-2015-1112)
- Multiple memory corruption vulnerabilities exist in
WebKit due to improperly validated user-supplied input.
A remote attacker, using a specially crafted website,
can exploit these issues to execute arbitrary code.
(CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,
- A flaw exists in WebKit when handling credentials for
FTP URLs. A remote attacker, using a specially crafted
website, can cause the resources of another origin to
be accessed. (CVE-2015-1126)
- A flaw exists in the state management which can cause a
user's browsing history to be indexed while in private
mode. An attacker can use this to gain information on
the sites that were visited. (CVE-2015-1127)
- A flaw exists with push notification requests while in
private browsing mode that can reveal a user's browsing
history when responding to notifications.
- A flaw in client certificate matching allows a remote
attacker, using a specially crafted website, to track a
user's web traffic. (CVE-2015-1129)
See also :
Upgrade to Apple Safari 6.2.5 / 7.1.5 / 8.0.5 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 82711