macOS : Apple Safari < 10.0.1 Multiple Vulnerabilities

Medium Nessus Plugin ID 95411

Synopsis

A web browser installed on the remote Mac OS X or macOS host is affected by multiple vulnerabilities.

Description

The version of Apple Safari installed on the remote Mac OS X or macOS host is prior to 10.0.1. It is, therefore, affected by multiple vulnerabilities in WebKit :

- An unspecified flaw exists in state management due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose sensitive user information. (CVE-2016-4613)

- Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via specially crafted web content, to execute arbitrary code. (CVE-2016-4666, CVE-2016-4677, CVE-2016-7578)

Solution

Upgrade to Apple Safari version 10.0.1 or later.

See Also

https://support.apple.com/kb/HT207272

http://www.nessus.org/u?fe4ceff9

Plugin Details

Severity: Medium

ID: 95411

File Name: macosx_Safari10_0_1.nasl

Version: 1.7

Type: local

Agent: macosx

Published: 2016/11/30

Updated: 2020/01/07

Dependencies: 31604

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2016-7578

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/10/24

Vulnerability Publication Date: 2016/10/24

Reference Information

CVE: CVE-2016-4613, CVE-2016-4666, CVE-2016-4677, CVE-2016-7578

BID: 93851, 93853, 93949

APPLE-SA: APPLE-SA-2016-10-24-3