Mac OS X : Apple Safari < 6.0.2 Multiple Vulnerabilities

critical Nessus Plugin ID 62802

Synopsis

The remote host contains a web browser that is affected by several vulnerabilities.

Description

The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0.2. It is, therefore, potentially affected by several issues:

- A time-of-check-to-time-of-use issue in the handling of JavaScript arrays in WebKit could lead to arbitrary remote code execution. (CVE-2012-3748)

- A use-after-free issue in the handling of SVG images in WebKit could lead to arbitrary remote code execution. (CVE-2012-5112)

Solution

Upgrade to Apple Safari 6.0.2 or later.

See Also

http://www.zerodayinitiative.com/advisories/ZDI-13-009/

http://support.apple.com/kb/HT5568

http://lists.apple.com/archives/security-announce/2012/Nov/msg00001.html

http://www.securityfocus.com/archive/1/524579/30/0/threaded

Plugin Details

Severity: Critical

ID: 62802

File Name: macosx_Safari6_0_2.nasl

Version: 1.14

Type: local

Agent: macosx

Published: 11/2/2012

Updated: 12/4/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-5112

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/1/2012

Vulnerability Publication Date: 10/10/2012

Reference Information

CVE: CVE-2012-3748, CVE-2012-5112

BID: 55867, 56362