Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8590
Synopsis
The remote host contains a web browser that is affected by multiple security vulnerabilities.
Description
The version of Safari installed on the remote Mac OS X host is a version prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by the following vulnerabilities in WebKit:
- A UI spoofing flaw exists in the handling of scrollbar boundaries. Visiting websites that frame malicious content can allow the UI to be spoofed. (CVE-2014-1748)
- An SVG loaded in an IMG element could load a CSS file cross-origin. This can allow data exfiltration. (CVE-2014-4465)
- Multiple memory corruption errors exist in WebKit that could potentially be leveraged for arbitrary code execution. (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475)
Note that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the security content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more recent updates, however, were released to fix potential issues with the installation of the previous patch release.
Solution
Upgrade to Safari 8.0.2 or later. If version 8.0.x is not available, versions 7.1.2 and 6.2.2 are also patched for these issues.
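
Because the fix exists on three branches, an inventory check has to compare each host against the fixed release of its own branch rather than against 8.0.2 alone. The following is an added example, not part of the plugin; the function names, the handling of branches outside 6.x to 8.x, and the sample inventory are assumptions made for illustration.

```python
# Added example: branch-aware check against the fixed Safari releases
# named in this advisory (6.2.2, 7.1.2, 8.0.2).
import re

# Fixed release per major branch, taken from the advisory text.
FIXED = {6: (6, 2, 2), 7: (7, 1, 2), 8: (8, 0, 2)}


def parse_version(text):
    """Turn '7.1' or '8.0.2' into a 3-tuple of ints, padding with zeros."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unrecognised Safari version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version_text):
    """True if the version predates the fix for its own branch."""
    version = parse_version(version_text)
    major = version[0]
    if major in FIXED:
        return version < FIXED[major]
    # Assumption: branches older than 6.x have no fixed release, and
    # branches newer than 8.x already contain it ("8.0.2 or later").
    return major < min(FIXED)


def triage(inventory):
    """Return {host: version} for hosts that still need the update."""
    return {h: v for h, v in inventory.items() if is_vulnerable(v)}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "mac-01": "6.2.2",   # patched on the 6.x branch
    "mac-02": "7.1.1",   # prior to 7.1.2, so still flagged
    "mac-03": "8.0",     # short form of 8.0.0
    "mac-04": "7.1.2",   # patched, though numerically below 8.0.2
    "mac-05": "5.1.10",  # older branch with no fixed release listed
}

if __name__ == "__main__":
    for host, ver in sorted(triage(SAMPLE).items()):
        print(f"{host}: Safari {ver} needs updating")
```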