SynopsisThe remote host has a web browser installed that is affected by multiple vulnerabilities.
DescriptionThe version of Apple Safari installed on the remote Mac OS X host is prior to 9.0.3. It is, therefore, affected by the following vulnerabilities :
- Multiple memory corruption vulnerabilities exist in WebKit due to improper validation of user-supplied input. A remote attacker, via a specially crafted website, can exploit these issues to execute arbitrary code or cause a denial of service. (CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727)
- A flaw exists in the Cascading Style Sheets (CSS) implementation in WebKit CSS when handling the 'a:visited button' CSS selector while evaluating the height of the containing element. A remote attacker can exploit this, via a crafted website, to obtain sensitive browser history information. (CVE-2016-1728)
SolutionUpgrade to Apple Safari version 9.0.3 or later.