Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Safari < 6.2.4 / 7.1.4 / 8.0.4 Multiple Vulnerabilities

Medium

Synopsis

The remote host is missing a critical Safari patch update.

Description

The version of Safari installed on the remote host is prior to 6.2.4 / 7.1.4 / 8.0.4, and is affected by multiple memory corruption vulnerabilities in WebKit due to improperly validated user-supplied input. A remote attacker, using a specially crafted website, can exploit these to execute arbitrary code. (CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1075, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083)

A flaw exists related to user interface inconsistency that allows an attacker to conduct phishing attacks by spoofing the URL. (CVE-2015-1084)

Solution

Upgrade to Safari 6.2.4 / 7.1.4 / 8.0.4 or later.