Mac OS X : Apple Safari < 6.1.4 / 7.0.4 Multiple Vulnerabilities

High Nessus Plugin ID 74139

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Apple Safari installed on the remote Mac OS X host is prior to 6.1.4 or 7.0.4. It is, therefore, potentially affected by the following vulnerabilities:

- Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution.
(CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1324, CVE-2014-1326, CVE-2014-1327, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1344, CVE-2014-1731)

- An error exists related to Unicode character handling in URLs that could allow an attacker to send an incorrect 'postMessage' origin, which could allow a security bypass.
(CVE-2014-1346)

Solution

Upgrade to Apple Safari 6.1.4 / 7.0.4 or later.

See Also

http://support.apple.com/kb/HT6254

http://www.securityfocus.com/archive/1/532186/30/0/threaded

Plugin Details

Severity: High

ID: 74139

File Name: macosx_Safari7_0_4.nasl

Version: 1.5

Type: local

Agent: macosx

Published: 2014/05/22

Updated: 2018/07/14

Dependencies: 31604

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/05/21

Vulnerability Publication Date: 2014/05/20

Reference Information

CVE: CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1324, CVE-2014-1326, CVE-2014-1327, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1344, CVE-2014-1346, CVE-2014-1731

BID: 61057, 63025, 67082, 67553, 67554, 67572

APPLE-SA: APPLE-SA-2014-05-21-1