macOS : Apple Safari < 10.0.1 Multiple Vulnerabilities

high Nessus Plugin ID 95411

Synopsis

A web browser installed on the remote Mac OS X or macOS host is affected by multiple vulnerabilities.

Description

The version of Apple Safari installed on the remote Mac OS X or macOS host is prior to 10.0.1. It is, therefore, affected by multiple vulnerabilities in WebKit:

- An unspecified flaw exists in state management due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose sensitive user information. (CVE-2016-4613)

- Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via specially crafted web content, to execute arbitrary code. (CVE-2016-4666, CVE-2016-4677, CVE-2016-7578)

Solution

Upgrade to Apple Safari version 10.0.1 or later.

See Also

https://support.apple.com/kb/HT207272

http://www.nessus.org/u?fe4ceff9

Plugin Details

Severity: High

ID: 95411

File Name: macosx_Safari10_0_1.nasl

Version: 1.7

Type: local

Agent: macosx

Published: 11/30/2016

Updated: 1/7/2020

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2016-7578

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 10/24/2016

Vulnerability Publication Date: 10/24/2016

Reference Information

CVE: CVE-2016-4613, CVE-2016-4666, CVE-2016-4677, CVE-2016-7578

BID: 93851, 93853, 93949

APPLE-SA: APPLE-SA-2016-10-24-3