Mac OS X : Apple Safari < 9.0.1 Multiple RCE

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has a web browser installed that is affected by
multiple remote code execution vulnerabilities.

Description :

The version of Apple Safari installed on the remote host is prior to
9.0.1. It is, therefore, affected by multiple memory corruption issues
in WebKit due to improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit these, via a crafted
website, to execute arbitrary code or possibly cause a denial of
service.

See also :

https://support.apple.com/en-us/HT205377
http://www.nessus.org/u?5234a069

Solution :

Upgrade to Apple Safari version 9.0.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.5
(CVSS2#E:U/RL:ND/RC:UR)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 86790 ()

Bugtraq ID: 77264
77267

CVE ID: CVE-2015-5928
CVE-2015-5929
CVE-2015-5930
CVE-2015-5931
CVE-2015-7002
CVE-2015-7011
CVE-2015-7012
CVE-2015-7013
CVE-2015-7014

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now