Mac OS X : Apple Safari < 5.1.10 Memory Corruptions

Medium Nessus Plugin ID 69879

Synopsis

The remote host contains a web browser that is affected by two memory corruption vulnerabilities.

Description

The version of Apple Safari installed on the remote Mac OS X 10.6 host is earlier than 5.1.10. It is, therefore, potentially affected by two memory corruption vulnerabilities in JavaScriptCore's JSArray::sort() method. By tricking a user into visiting a malicious website, an attacker could leverage these issues to cause an application crash or to execute arbitrary code.

Solution

Upgrade to Apple Safari 5.1.10 or later.

See Also

http://www.zerodayinitiative.com/advisories/ZDI-13-009/

http://support.apple.com/kb/HT5921

http://lists.apple.com/archives/security-announce/2013/Sep/msg00003.html

http://www.securityfocus.com/archive/1/528595/30/0/threaded

Plugin Details

Severity: Medium

ID: 69879

File Name: macosx_Safari5_1_10.nasl

Version: 1.9

Type: local

Agent: macosx

Published: 2013/09/13

Updated: 2018/07/16

Dependencies: 31604

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/09/12

Vulnerability Publication Date: 2012/11/01

Reference Information

CVE: CVE-2012-3748, CVE-2013-0997

BID: 56362, 59958

APPLE-SA: APPLE-SA-2013-09-12-2