Mac OS X : Apple Safari < 10.0 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A web browser installed on the remote host is affected by multiple
vulnerabilities.

Description :

The version of Apple Safari installed on the remote Mac OS X or macOS
host is prior to 10.0. It is, therefore, affected by multiple
vulnerabilities :

- Multiple memory corruption issues exist in WebKit that
allow an unauthenticated, remote attacker to cause a
denial of service condition or execute arbitrary code
via specially a crafted website. (CVE-2016-4611,
CVE-2016-4729, CVE-2016-4730, CVE-2016-4731,
CVE-2016-4734, CVE-2016-4735, CVE-2016-4737,
CVE-2016-4759, CVE-2016-4762, CVE-2016-4766,
CVE-2016-4767, CVE-2016-4768, CVE-2016-4769)

- A cross-site scripting (XSS) vulnerability exists in the
Reader feature due to improper validation of
user-supplied input before returning it to users. An
unauthenticated, remote attacker can exploit this, by
convincing a user to follow a specially crafted link, to
execute arbitrary script code in a user's browser
session. (CVE-2016-4618)

- A flaw exists in WebKit due to improper handling of
error prototypes. An unauthenticated, remote attacker
can exploit this, via a specially crafted website, to
execute arbitrary code. (CVE-2016-4728)

- Multiple flaws exist in WebKit due to improper state
management. An unauthenticated, remote attacker
can exploit this, via a specially crafted website, to
cause a denial of service condition or the execution of
arbitrary code. (CVE-2016-4733, CVE-2016-4765)

- An address bar spoofing vulnerability exists due to a
state management flaw related to sessions in tabs. An
unauthenticated, remote attacker can exploit this, via a
specially crafted website, to spoof an address in the
address bar. (CVE-2016-4751)

- A flaw exists in WebKit due to improper handling of the
location variable. An unauthenticated, remote attacker
can exploit this, via a crafted website, to disclose
sensitive information. (CVE-2016-4758)

- A flaw exists in WebKit that allows an unauthenticated,
remote attacker to conduct DNS rebinding attacks against
non-HTTP Safari sessions by leveraging HTTP/0.9 support.
(CVE-2016-4760)

- A flaw exists in WebKit in the WKWebView component due
to improper validation of X.509 certificates from HTTPS
servers. A man-in-the-middle attacker can exploit this,
via a crafted certificate, to disclose sensitive
information. (CVE-2016-4763)

See also :

https://support.apple.com/en-us/HT207157
http://www.nessus.org/u?1c557615

Solution :

Upgrade to Apple Safari version 10.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.9
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false