Detections
Analytics
Apple Safari 16.3 Multiple Vulnerabilities (120946)
high Nessus Plugin ID 212174
Language:
Synopsis
The remote host is missing one or more security updates.Description
The version of Apple Safari installed on the remote host is prior to 16.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 120946 advisory.- The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3, iOS 15.7.2 and iPadOS 15.7.2, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2023-23496)
- The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3.
Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2023-23517, CVE-2023-23518)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apple Safari version 16.3 or later.See Also
Plugin Details
Severity: High
ID: 212174
File Name: macos_safari_120946.nasl
Version: 1.1
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 12/9/2024
Updated: 12/9/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2023-23518
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:apple:safari
Required KB Items: installed_sw/Apple Safari, Host/MacOSX/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 1/23/2023
Vulnerability Publication Date: 1/26/2023