Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 8590


The remote host contains a web browser that is affected by multiple security vulnerabilities.


The version of Safari installed on the remote Mac OS X host is a version prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by the following vulnerabilities in WebKit:

- A UI spoofing flaw exists in the handling of scrollbar boundaries. Visiting websites that frame malicious content can allow the UI to be spoofed. (CVE-2014-1748)
- An SVG loaded in an IMG element could load a CSS file cross-origin. This can allow data exfiltration. (CVE-2014-4465)

- Multiple memory corruption errors exist in WebKit that could potentially be leveraged for arbitrary code execution. (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475)

Note that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the security content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more recent updates, however, were released to fix potential issues with the installation of the previous patch release.


Upgrade to Safari 8.0.2 or later. If version 8.0.x is not available, versions 7.1.2 and 6.2.2 are also patched for these issues.


Plugin Details

Severity: Medium

ID: 8590

Family: Web Clients

Published: 1/27/2015

Updated: 3/6/2019

Nessus ID: 80055

Risk Information


CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Patch Publication Date: 12/11/2014

Vulnerability Publication Date: 4/2/2014

Reference Information

CVE: CVE-2014-1748, CVE-2014-4469, CVE-2014-4470, CVE-2014-4475, CVE-2014-4465, CVE-2014-4466, CVE-2014-4468, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474

BID: 71438, 71439, 71442, 71444, 71445, 71449, 71451, 71459, 71461, 71462, 71464