macOS : Apple Safari < 10.1.2 Multiple Vulnerabilities

high Nessus Plugin ID 101931

Synopsis

A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.

Description

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.1.2. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the WebKit component due to improper handling of SVG filters.
An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose sensitive cross-domain information. (CVE-2017-7006)

- An unspecified flaw exists that allows an unauthenticated, remote attacker to spoof the address bar via a specially crafted website. (CVE-2017-7011)

- Multiple memory corruption issues exists in the 'WebKit Web Inspector' component due to improper validation of input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7012)

- Multiple memory corruption issues exist in the WebKit component due to improper validation of input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7018, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061)

- A memory corruption issue exists in the 'WebKit Page Loading' component due to improper validation of input.
An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7019)

- Multiple cross-site scripting (XSS) vulnerabilities exist in the WebKit component in the DOMParser due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these issue, via a specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2017-7038, CVE-2017-7059)

- A denial of service vulnerability exists in the Safari Printing component. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to create an infinite number of print dialogs.
(CVE-2017-7060)

- An unspecified memory initialization flaw exists in WebKit. A local attacker can exploit this, via a specially crafted application, to disclose restricted memory. (CVE-2017-7064)

Solution

Upgrade to Apple Safari version 10.1.2 or later.

See Also

https://support.apple.com/en-us/HT207921

http://seclists.org/fulldisclosure/2017/Jul/39

Plugin Details

Severity: High

ID: 101931

File Name: macosx_Safari10_1_2.nasl

Version: 1.4

Type: local

Agent: macosx

Published: 7/24/2017

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/19/2017

Vulnerability Publication Date: 7/19/2017

Reference Information

CVE: CVE-2017-7006, CVE-2017-7011, CVE-2017-7012, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7059, CVE-2017-7060, CVE-2017-7061, CVE-2017-7064

BID: 99888, 99890, 99885, 99886, 99887

APPLE-SA: APPLE-SA-2017-07-19-5

ZDI: ZDI-17-489