Mac OS X : Apple Safari < 9.1.3 WebKit Memory Corruption RCE

High Nessus Plugin ID 93593


A web browser installed on the remote host is affected by a remote code execution vulnerability.


The version of Apple Safari installed on the remote Mac OS X host is prior to 9.1.3. It is, therefore, affected by a remote code execution vulnerability in WebKit due to a memory corruption issue. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website, to cause a denial of service condition or execution of arbitrary code.


Upgrade to Apple Safari version 9.1.3 or later.

Plugin Details

Severity: High

ID: 93593

File Name: macosx_Safari9_1_3.nasl

Version: $Revision: 1.6 $

Type: local

Agent: macosx

Published: 2016/09/19

Modified: 2017/08/15

Dependencies: 31604

Risk Information

Risk Factor: High


CVSS v2.0 Base Score: 9.3

CVSS v2.0 Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


CVSS v3.0 Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/09/01

Vulnerability Publication Date: 2016/08/25

Reference Information

CVE: CVE-2016-4657

BID: 92653

OSVDB: 143464

APPLE-SA: APPLE-SA-2016-09-01-1