Detections
Analytics
Mac OS X : Apple Safari < 6.2 / 7.1 Multiple Vulnerabilities
high Nessus Plugin ID 77747
Language:
Synopsis
The remote host contains a web browser that is affected by multiple vulnerabilities.Description
The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2 or 7.1. It is, therefore, affected by the following vulnerabilities :- An error exists related to saved passwords and the incorrect automatic filling of HTML forms. A remote attacker can exploit this to obtain sensitive information. (CVE-2014-4363)
- Multiple memory corruption errors exist related to the included version of WebKit that can allow application crashes or arbitrary code execution.
(CVE-2013-6663, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415)
- An error exists related to HTML5 application cache data handling and the included version of WebKit that allows the disclosure of sensitive information from private browsing sessions. (CVE-2014-4409)
Solution
Upgrade to Apple Safari 6.2 / 7.1 or later.See Also
Plugin Details
Severity: High
ID: 77747
File Name: macosx_Safari7_1.nasl
Version: 1.9
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 9/18/2014
Updated: 11/25/2019
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2013-6663
Vulnerability Information
CPE: cpe:/a:apple:safari
Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Safari/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 9/17/2014
Vulnerability Publication Date: 9/17/2014
Reference Information
CVE: CVE-2013-6663, CVE-2014-4363, CVE-2014-4409, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415
BID: 69881, 69909, 69937, 69966, 69970, 69973, 69974, 69975, 69976, 69984
APPLE-SA: APPLE-SA-2014-09-17-4