Mac OS X : Apple Safari < 6.0.2 Multiple Vulnerabilities

High Nessus Plugin ID 62802


The remote host contains a web browser that is affected by several vulnerabilities.


The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0.2. It is, therefore, potentially affected by several issues :

- A time-of-check-to-time-of-use issue in the handling of JavaScript array in WebKit could lead to arbitrary, remote code execution. (CVE-2012-3748)

- A use-after-free issue in the handling of SVG images in WebKit code could lead to arbitrary, remote code execution. (CVE-2012-5112)


Upgrade to Apple Safari 6.0.2 or later.

See Also

Plugin Details

Severity: High

ID: 62802

File Name: macosx_Safari6_0_2.nasl

Version: $Revision: 1.10 $

Type: local

Agent: macosx

Published: 2012/11/02

Modified: 2016/06/17

Dependencies: 31604

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:ND/RC:ND

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/11/01

Vulnerability Publication Date: 2012/10/10

Reference Information

CVE: CVE-2012-3748, CVE-2012-5112

BID: 55867, 56362

OSVDB: 86149, 86873

EDB-ID: 28081