macOS : Apple Safari < 10.1 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A web browser installed on the remote macOS or Mac OS X host is
affected by multiple vulnerabilities.

Description :

The version of Apple Safari installed on the remote macOS or Mac OS X
host is prior to 10.1. It is, therefore, affected by multiple
vulnerabilities :

- An out-of-bounds read error exists in WebKit when
handling certain JavaScript code. An unauthenticated,
remote attacker can exploit this to cause a denial of
service condition or the disclosure of memory contents.
(CVE-2016-9642)

- A denial of service vulnerability exists in WebKit when
handling certain regular expressions. An
unauthenticated, remote attacker can exploit this, via a
specially crafted web page, to exhaust available memory
resources. (CVE-2016-9643)

- Multiple information disclosure vulnerabilities exist
in WebKit when handling page loading due to improper
validation of certain input. An unauthenticated, remote
attacker can exploit these to disclose data
cross-origin. (CVE-2017-2364, CVE-2017-2367)

- An unspecified state management flaw exists that allows
an unauthenticated, remote attacker to spoof the address
bar. (CVE-2017-2376)

- A denial of service vulnerability exists in the Web
Inspector component when closing a window while the
debugger is paused. An unauthenticated, remote attacker
can exploit this to terminate the application.
(CVE-2017-2377)

- An unspecified flaw exists in WebKit when creating
bookmarks using drag-and-drop due to improper validation
of certain input. An unauthenticated, remote attacker
can exploit this, via a specially crafted link, to spoof
bookmarks or potentially execute arbitrary code.
(CVE-2017-2378)

- An information disclosure vulnerability exists in the
Login AutofFill component that allows a local attacker
to access keychain items. (CVE-2017-2385)

- Multiple information disclosure vulnerabilities exist
in WebKit when handling unspecified exceptions or
elements. An unauthenticated, remote attacker can
exploit these, via specially crafted web content, to
disclose data cross-origin. (CVE-2017-2386,
CVE-2017-2479, CVE-2017-2480)

- An unspecified flaw exists in the handling of HTTP
authentication that allows an unauthenticated, remote
attacker to disclose authentication sheets on arbitrary
websites or cause a denial of service condition.
(CVE-2017-2389)

- Multiple memory corruption issues exist in WebKit that
allow an unauthenticated, remote attacker to cause a
denial of service condition or the execution of
arbitrary code. (CVE-2017-2394, CVE-2017-2395,
CVE-2017-2396, CVE-2017-2433, CVE-2017-2454,
CVE-2017-2455, CVE-2017-2459, CVE-2017-2460,
CVE-2017-2464, CVE-2017-2465, CVE-2017-2466,
CVE-2017-2468, CVE-2017-2469, CVE-2017-2470,
CVE-2017-2476)

- A memory corruption issue exists in WebKit within the
Web Inspector component due to improper validation of
certain input. An unauthenticated, remote attacker can
exploit this to cause a denial of service condition or
the execution of arbitrary code. (CVE-2017-2405)

- An unspecified type confusion error exists that allows
an unauthenticated remote attacker to execute arbitrary
code by using specially crafted web content.
(CVE-2017-2415)

- A security bypass vulnerability exists in WebKit that
allows an unauthenticated, remote attacker to bypass the
Content Security Policy by using specially crafted web
content. (CVE-2017-2419)

- An unspecified flaw exists in WebKit when handling
OpenGL shaders that allows an unauthenticated, remote
attacker to disclose process memory content by using
specially crafted web content. (CVE-2017-2424)

- An information disclosure vulnerability exists in WebKit
JavaScript Bindings when handling page loading due to
unspecified logic flaws. An unauthenticated, remote
attacker can exploit this, via specially crafted web
content, to disclose data cross-origin. (CVE-2017-2442)

- A memory corruption issue exists in WebKit within the
CoreGraphics component due to improper validation of
certain input. An unauthenticated, remote attacker can
exploit this, via specially crafted web content, to
cause a denial of service condition or the execution of
arbitrary code. (CVE-2017-2444)

- A universal cross-site scripting (XSS) vulnerability
exists in WebKit when handling frame objects due to
improper validation of certain input. An
unauthenticated, remote attacker can exploit this, via
specially crafted web content, to execute arbitrary
script code in a user's browser session. (CVE-2017-2445)

- A flaw exists in WebKit due to non-strict mode functions
that are called from built-in strict mode scripts not
being properly restricted from calling sensitive native
functions. An unauthenticated, remote attacker can
exploit this, via specially crafted web content, to
execute arbitrary code. (CVE-2017-2446)

- An out-of-bounds read error exists in WebKit when
handling the bound arguments array of a bound function.
An unauthenticated, remote attacker can exploit this,
via specially crafted web content, to disclose memory
contents. (CVE-2017-2447)

- An unspecified flaw exists in FaceTime prompt handling
due to improper validation of certain input. An
unauthenticated, remote attacker can exploit this to
spoof user interface elements. (CVE-2017-2453)

- A use-after-free error exists in WebKit when handling
RenderBox objects. An unauthenticated, remote attacker
can exploit this, via specially crafted web content, to
dereference already freed memory, resulting in the
execution of arbitrary code. (CVE-2017-2463)

- An unspecified use-after-free error exists in WebKit
that allows an unauthenticated, remote attacker, via
specially crafted web content, to dereference already
freed memory, resulting in the execution of arbitrary
code. (CVE-2017-2471)

- A universal cross-site scripting (XSS) vulnerability
exists in WebKit when handling frames due to improper
validation of certain input. An unauthenticated, remote
attacker can exploit this, via specially crafted web
content, to execute arbitrary script code in a user's
browser session. (CVE-2017-2475)

- A use-after-free error exists in WebKit when handling
ElementData objects. An unauthenticated, remote attacker
can exploit this, via specially crafted web content, to
dereference already freed memory, resulting in the
execution of arbitrary code. (CVE-2017-2481)

- A use-after-free error exists in JavaScriptCore when
handling the String.replace() method. An
unauthenticated, remote attacker can exploit this to
deference already freed memory, resulting in the
execution of arbitrary code. (CVE-2017-2491)

- A universal cross-site scripting (XSS) vulnerability
exists in JavaScriptCore due to an unspecified prototype
flaw. An unauthenticated, remote attacker can exploit
this, via a specially crafted web page, to execute
arbitrary code in a user's browser session.
(CVE-2017-2492)

See also :

https://support.apple.com/en-us/HT207600
http://www.nessus.org/u?b6d82a85

Solution :

Upgrade to Apple Safari version 10.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false