Mac OS X : Apple Safari < 6.2.8 / 7.1.8 / 8.0.8 Multiple Vulnerabilities

medium Nessus Plugin ID 85446

Language:

Synopsis

The web browser installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Apple Safari installed on the remote Mac OS X host is prior to 6.2.8 / 7.1.8 / 8.0.8. It is, therefore, affected by the following vulnerabilities :

 - An unspecified flaw exists that allows an attacker to spoof UI elements by using crafted web pages.
 (CVE-2015-3729)

 - Multiple memory corruption flaws exist in WebKit due to improper validation of user-supplied input. An attacker can exploit these, by using a crafted web page, to execute arbitrary code. (CVE-2015-3730, CVE-2015-3731 CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749)

 - A security policy bypass vulnerability exists in WebKit related to handling Content Security Policy report requests. An attacker can exploit this to bypass the HTTP Strict Transport Security policy. (CVE-2015-3750)

 - A security policy bypass vulnerability exists in WebKit that allows websites to use video controls to load images nested in object elements in violation of Content Security Policy directives. (CVE-2015-3751)

 - An information disclosure vulnerability exists in WebKit related to how cookies are added to Content Security Policy report requests, which results in cookies being exposed to cross-origin requests. Also, cookies set during regular browsing are sent during private browsing. (CVE-2015-3752)

 - An information disclosure vulnerability exists in the WebKit Canvas component when images are called using URLs that redirect to a data:image resource. An attacker, using a malicious website, can exploit this to disclose image data cross-origin. (CVE-2015-3753)

 - An information disclosure vulnerability exists in WebKit page loading where the caching of HTTP authentication credentials entered in private browsing mode were carried over into regular browsing, resulting in a user's private browsing history being exposed. (CVE-2015-3754)

 - A flaw in the WebKit process model allows a malicious website to display an arbitrary URL, which can allow user interface spoofing. (CVE-2015-3755)

Solution

Upgrade to Apple Safari 6.2.8 / 7.1.8 / 8.0.8 or later.

See Also

https://support.apple.com/en-us/HT205033

Plugin Details

Severity: Medium

ID: 85446

File Name: macosx_Safari8_0_8.nasl

Version: 1.4

Type: local

Agent: macosx

Published: 8/17/2015

Updated: 7/14/2018

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 8/13/2015

Vulnerability Publication Date: 8/13/2015

Reference Information

CVE: CVE-2015-3729, CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3750, CVE-2015-3751, CVE-2015-3752, CVE-2015-3753, CVE-2015-3754, CVE-2015-3755

BID: 76338, 76339, 76341, 76342, 76344