SynopsisThe remote host has a web browser installed that is affected by multiple vulnerabilities.
DescriptionThe version of Apple Safari installed on the remote Mac OS X host is prior to 9.1.1. It is, therefore, affected by the following vulnerabilities :
- An information disclosure vulnerability exists due to a failure to completely delete a user's browser history when using the 'Clear History and Website Data' action.
An attacker can exploit this to disclose sensitive information. (CVE-2016-1849)
- Multiple memory corruption issues exist in WebKit due to improper validation of user-supplied input. A remote attacker, via a specially crafted website, can exploit these issues to execute arbitrary code. (CVE-2016-1854, CVE-2016-1855, CVE-2016-1856, CVE-2016-1857, CVE-2016-1859)
- An information disclosure vulnerability exists in WebKit due to insufficient taint tracking. A remote attacker can exploit this, via a specially crafted SVG image, to disclose information from another website.
SolutionUpgrade to Apple Safari version 9.1.1 or later.