Mac OS X Multiple Vulnerabilities (Security Update 2007-006)

high Nessus Plugin ID 25566

Synopsis

The remote host is missing a Mac OS X update which fixes a security issue.

Description

The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-006 applied.

This update fixes security flaws in WebKit and WebCore which might allow an attacker to execute arbitrary code on the remote host.

To execute arbitrary code, an attacker would need to lure a user of the remote host into visiting a malicious website containing a specially malformed HTML file that triggers a buffer overflow.

Solution

Install Security Update 2007-006:

http://www.apple.com/support/downloads/securityupdate2007006universal.html

See Also

http://docs.info.apple.com/article.html?artnum=305759

Plugin Details

Severity: High

ID: 25566

File Name: macosx_SecUpd2007-006.nasl

Version: 1.15

Type: local

Agent: macosx

Published: 6/25/2007

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:10.3, cpe:/o:apple:mac_os_x:10.4

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/21/2007

Vulnerability Publication Date: 6/21/2007

Reference Information

CVE: CVE-2007-2399, CVE-2007-2401

BID: 24597, 24598

CWE: 79