Safari < 10.0.2 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 9864

Synopsis

The remote host has a web browser installed that is affected by multiple attack vectors.

Description

Versions of Safari prior to 10.0.2 are affected by multiple vulnerabilities :

- A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the Safari Reader feature does not properly validate certain input before returning it to users. This may allow a context-dependent attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website. (OSVDB 148669)
- An unspecified flaw exists that is triggered as certain input is not properly validated. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (OSVDB 148670, OSVDB 148671, OSVDB 148672, OSVDB 148676, OSVDB 148679, OSVDB 148680, OSVDB 148681, OSVDB 148682, OSVDB 148683, OSVDB 148684, OSVDB 148685, OSVDB 148686, OSVDB 148687, OSVDB 148688)
- An unspecified flaw exists that is triggered as certain input is not properly validated. With a specially crafted web page, a context-dependent attacker can potentially disclose memory contents. (OSVDB 148673, OSVDB 148674)
- An unspecified flaw exists that is triggered as certain input is not properly validated. With a specially crafted web page, a context-dependent attacker can potentially disclose certain user information. (OSVDB 148675)
- A use-after-free error exists in the handling of 'RenderObject' objects. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 148677)
- A use-after-free error exists in the handling of 'HTMLLabelElement' objects. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (OSVDB 148678)
- A flaw exists that is triggered when handling JavaScript prompts. With a specially crafted web page, a context-dependent attacker can disclose unspecified user information. (OSVDB 148689)
- A flaw exists related to use of uninitialized memory. With a specially crafted web page, a context-dependent attacker can potentially disclose memory contents. (OSVDB 148690)
- A flaw exists that is triggered when handling HTTP redirects. With specially crafted web contents, a context-dependent attacker can disclose unspecified user information. (OSVDB 148691)
- An unspecified flaw exists that is triggered as certain input is not properly validated. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (OSVDB 148692)

Solution

Upgrade to Safari version 10.0.2 or later.

See Also

https://support.apple.com/en-us/HT207421

https://support.apple.com/en-us/HT207422

https://support.apple.com/en-us/HT207424

https://support.apple.com/en-us/HT207425

https://support.apple.com/en-us/HT207427

Plugin Details

Severity: Medium

ID: 9864

File Name: 9864.prm

Family: Web Clients

Published: 2017/01/12

Modified: 2017/01/12

Dependencies: 3705

Nessus ID: 95919

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 5.3

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Patch Publication Date: 2016/12/13

Vulnerability Publication Date: 2016/12/13

Reference Information

CVE: CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7650, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656

BID: 94907, 94908, 94909, 94915

OSVDB: 148669, 148670, 148671, 148672, 148673, 148674, 148675, 148676, 148677, 148678, 148679, 148680, 148681, 148682, 148683, 148684, 148685, 148686, 148687, 148688, 148689, 148690, 148691, 148692