Mac OS X : Apple Safari < 6.1.4 / 7.0.4 Multiple Vulnerabilities

high Nessus Plugin ID 74139

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Apple Safari installed on the remote Mac OS X host is prior to 6.1.4 or 7.0.4. It is, therefore, potentially affected by the following vulnerabilities:

- Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution.
(CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1324, CVE-2014-1326, CVE-2014-1327, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1344, CVE-2014-1731)

- An error exists related to Unicode character handling in URLs that could allow an attacker to send an incorrect 'postMessage' origin, which could allow a security bypass.
(CVE-2014-1346)

Solution

Upgrade to Apple Safari 6.1.4 / 7.0.4 or later.

See Also

http://support.apple.com/kb/HT6254

http://www.securityfocus.com/archive/1/532186/30/0/threaded

Plugin Details

Severity: High

ID: 74139

File Name: macosx_Safari7_0_4.nasl

Version: 1.6

Type: local

Agent: macosx

Published: 5/22/2014

Updated: 11/26/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-1731

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 5/21/2014

Vulnerability Publication Date: 5/20/2014

Reference Information

CVE: CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1324, CVE-2014-1326, CVE-2014-1327, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1344, CVE-2014-1346, CVE-2014-1731

BID: 61057, 63025, 67082, 67553, 67554, 67572

APPLE-SA: APPLE-SA-2014-05-21-1