Safari < 10.0.2 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9864

Synopsis

The remote host has a web browser installed that is affected by multiple attack vectors.

Description

Versions of Safari prior to 10.0.2 are affected by multiple vulnerabilities:

- A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the Safari Reader feature does not properly validate certain input before returning it to users. This may allow a context-dependent attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website.
- An unspecified flaw exists that is triggered when certain input is not properly validated. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code.
- An unspecified flaw exists that is triggered when certain input is not properly validated. With a specially crafted web page, a context-dependent attacker can potentially disclose memory contents.
- An unspecified flaw exists that is triggered when certain input is not properly validated. With a specially crafted web page, a context-dependent attacker can potentially disclose certain user information.
- A use-after-free error exists in the handling of 'RenderObject' objects. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
- A use-after-free error exists in the handling of 'HTMLLabelElement' objects. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
- A flaw exists that is triggered when handling JavaScript prompts. With a specially crafted web page, a context-dependent attacker can disclose unspecified user information.
- A flaw exists related to use of uninitialized memory. With a specially crafted web page, a context-dependent attacker can potentially disclose memory contents.
- A flaw exists that is triggered when handling HTTP redirects. With specially crafted web content, a context-dependent attacker can disclose unspecified user information.
- An unspecified flaw exists that is triggered when certain input is not properly validated. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code.

Solution

Upgrade to Safari version 10.0.2 or later.

See Also

https://support.apple.com/en-us/HT207422

https://support.apple.com/en-us/HT207425

https://support.apple.com/en-us/HT207421

https://support.apple.com/en-us/HT207424

https://support.apple.com/en-us/HT207427

Plugin Details

Severity: Medium

ID: 9864

Family: Web Clients

Published: 1/12/2017

Updated: 3/6/2019

Dependencies: 3705

Nessus ID: 95919

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Patch Publication Date: 12/13/2016

Vulnerability Publication Date: 12/13/2016

Reference Information

CVE: CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7641, CVE-2016-7645, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656, CVE-2016-7650, CVE-2016-7611, CVE-2016-7640, CVE-2016-7642, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649

BID: 94907, 94908, 94909, 94915