Mac OS X : Apple Safari < 5.1 / 5.0.6

critical Nessus Plugin ID 55638

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.

Description

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.1. It is, therefore, affected by multiple vulnerabilities as described in the HT4808 security advisory.

Solution

Upgrade to Apple Safari 5.1 / 5.0.6 or later.

See Also

http://support.apple.com/kb/HT4808

http://lists.apple.com/archives/security-announce/2011/Jul/msg00002.html

Plugin Details

Severity: Critical

ID: 55638

File Name: macosx_Safari5_1.nasl

Version: 1.47

Type: local

Agent: macosx

Published: 7/21/2011

Updated: 7/3/2019

Dependencies: macosx_apple_safari_installed.nbin

Risk Information

CVSS Score Source: CVE-2010-1383

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*, cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/20/2011

Vulnerability Publication Date: 7/26/2010

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (Apple Safari Webkit libxslt Arbitrary File Creation)

ExploitHub (EH-11-678)

Reference Information

CVE: CVE-2011-1774, CVE-2011-0216, CVE-2011-0195, CVE-2011-0219, CVE-2011-0221, CVE-2011-0222, CVE-2010-1420, CVE-2011-1449, CVE-2011-0240, CVE-2011-0206, CVE-2011-0241, CVE-2011-1453, CVE-2011-1288, CVE-2010-3829, CVE-2011-0200, CVE-2011-0202, CVE-2011-0242, CVE-2011-0217, CVE-2011-0223, CVE-2011-0215, CVE-2011-1797, CVE-2011-0981, CVE-2011-0983, CVE-2011-0164, CVE-2011-0233, CVE-2011-1293, CVE-2011-1295, CVE-2011-1296, CVE-2011-0201, CVE-2011-1107, CVE-2011-1462, CVE-2011-0235, CVE-2011-0234, CVE-2011-0253, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-0237, CVE-2011-1457, CVE-2011-0214, CVE-2011-1451, CVE-2010-1383, CVE-2011-0232, CVE-2010-1823, CVE-2011-0204, CVE-2011-0218, CVE-2011-0225, CVE-2011-0238, CVE-2011-0244, CVE-2011-0254, CVE-2011-0255, CVE-2011-1188, CVE-2011-1190, CVE-2011-1203, CVE-2011-1204, CVE-2011-3443, CVE-2011-3438

BID: 48832, 46785, 47668, 46262, 46703, 47029, 48426, 48427, 48429, 48437, 43228, 46614, 47604, 48416, 48820, 48823, 48825, 48827, 48828, 48831, 48833, 48837, 48839, 48840, 48842, 48843, 48844, 48845, 48846, 48847, 48848, 48849, 48850, 48851, 48852, 48853, 48854, 48855, 48856, 48857, 48858, 48859, 48860, 47020, 45008, 51035, 78606

EDB-ID: 17575, 17993