Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_SAFARI10_0_2.NASL
HistoryDec 16, 2016 - 12:00 a.m.

macOS : Apple Safari < 10.0.2 Multiple Vulnerabilities

2016-12-1600:00:00
This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.0.2. It is, therefore, affected by multiple vulnerabilities :

  • Multiple remote code execution vulnerabilities exist in WebKit due to improper validation of user-supplied input and improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code. (CVE-2016-4692, CVE-2016-7635, CVE-2016-7652)

  • Multiple information disclosure vulnerabilities exist in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to disclose memory contents. (CVE-2016-4743, CVE-2016-7656)

  • An information disclosure vulnerability exists in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose user information. (CVE-2016-7586)

  • Multiple remote code execution vulnerabilities exist in WebKit due to improper validation of user-supplied input and improper state management. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code.
    (CVE-2016-7587, CVE-2016-7589:, CVE-2016-7610, CVE-2016-7611, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7654)

  • An information disclosure vulnerability exists in WebKit due to improper handling of JavaScript prompts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code.
    (CVE-2016-7592)

  • An information disclosure vulnerability exists in WebKit due to the use of uninitialized memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose memory contents. (CVE-2016-7598)

  • An information disclosure vulnerability exists that is triggered when handling HTTP redirections. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose user information. (CVE-2016-7599)

  • An information disclosure vulnerability exists in WebKit due to improper validation of user-supplied input and blob URLs. An unauthenticated, remote attacker can exploit this, via a specially crafted blob URL, to disclose user information. (CVE-2016-7623)

  • A remote code execution vulnerability exists in WebKit due to improper validation of user-supplied input and improper state management. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2016-7632)

  • A cross-site scripting (XSS) vulnerability exists in Safari Reader due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to execute arbitrary script code in a user’s browser session. (CVE-2016-7650)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(95919);
  script_version("1.8");
  script_cvs_date("Date: 2020/01/07");

  script_cve_id(
    "CVE-2016-4692",
    "CVE-2016-4743",
    "CVE-2016-7586",
    "CVE-2016-7587",
    "CVE-2016-7589",
    "CVE-2016-7592",
    "CVE-2016-7598",
    "CVE-2016-7599",
    "CVE-2016-7610",
    "CVE-2016-7611",
    "CVE-2016-7623",
    "CVE-2016-7632",
    "CVE-2016-7635",
    "CVE-2016-7639",
    "CVE-2016-7640",
    "CVE-2016-7641",
    "CVE-2016-7642",
    "CVE-2016-7645",
    "CVE-2016-7646",
    "CVE-2016-7648",
    "CVE-2016-7649",
    "CVE-2016-7650",
    "CVE-2016-7652",
    "CVE-2016-7654",
    "CVE-2016-7656"
  );
  script_bugtraq_id(
    94907,
    94908,
    94909,
    94913,
    94915
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2016-12-13-2");

  script_name(english:"macOS : Apple Safari < 10.0.2 Multiple Vulnerabilities");
  script_summary(english:"Checks the Safari version.");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS or Mac OS X host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple Safari installed on the remote macOS or Mac OS X 
host is prior to 10.0.2. It is, therefore, affected by multiple
vulnerabilities :

  - Multiple remote code execution vulnerabilities exist in
    WebKit due to improper validation of user-supplied
    input and improper handling of objects in memory. An
    unauthenticated, remote attacker can exploit these
    vulnerabilities, by convincing a user to visit a
    specially crafted website, to corrupt memory and execute
    arbitrary code. (CVE-2016-4692, CVE-2016-7635,
    CVE-2016-7652)

  - Multiple information disclosure vulnerabilities exist
    in WebKit due to improper validation of user-supplied
    input. An unauthenticated, remote attacker can exploit
    these, by convincing a user to visit a specially crafted
    website, to disclose memory contents. (CVE-2016-4743,
    CVE-2016-7656)

  - An information disclosure vulnerability exists in WebKit
    due to improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit this, by
    convincing a user to visit a specially crafted website,
    to disclose user information. (CVE-2016-7586)

  - Multiple remote code execution vulnerabilities exist in
    WebKit due to improper validation of user-supplied
    input and improper state management. An unauthenticated,
    remote attacker can exploit these vulnerabilities, by
    convincing a user to visit a specially crafted website,
    to corrupt memory and execute arbitrary code.
    (CVE-2016-7587, CVE-2016-7589:, CVE-2016-7610,
    CVE-2016-7611, CVE-2016-7639, CVE-2016-7640,
    CVE-2016-7641, CVE-2016-7642, CVE-2016-7645,
    CVE-2016-7646, CVE-2016-7648, CVE-2016-7649,
    CVE-2016-7654)

  - An information disclosure vulnerability exists in WebKit
    due to improper handling of JavaScript prompts. An
    unauthenticated, remote attacker can exploit this, by
    convincing a user to visit a specially crafted website,
    to corrupt memory and execute arbitrary code.
    (CVE-2016-7592)

  - An information disclosure vulnerability exists in WebKit
    due to the use of uninitialized memory. An
    unauthenticated, remote attacker can exploit this, by
    convincing a user to visit a specially crafted website,
    to disclose memory contents. (CVE-2016-7598)

  - An information disclosure vulnerability exists that is
    triggered when handling HTTP redirections. An
    unauthenticated, remote attacker can exploit this, by
    convincing a user to visit a specially crafted website,
    to disclose user information. (CVE-2016-7599)

  - An information disclosure vulnerability exists in WebKit
    due to improper validation of user-supplied input and
    blob URLs. An unauthenticated, remote attacker can
    exploit this, via a specially crafted blob URL, to
    disclose user information. (CVE-2016-7623)

  - A remote code execution vulnerability exists in WebKit
    due to improper validation of user-supplied
    input and improper state management. An unauthenticated,
    remote attacker can exploit this, by convincing a user
    to visit a specially crafted website, to cause a denial
    of service condition or the execution of arbitrary code.
    (CVE-2016-7632)

  - A cross-site scripting (XSS) vulnerability exists in
    Safari Reader due to improper validation of
    user-supplied input. An unauthenticated, remote attacker
    can exploit this, by convincing a user to follow a
    specially crafted link, to execute arbitrary script code
    in a user's browser session. (CVE-2016-7650)");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207421");
  # https://lists.apple.com/archives/security-announce/2016/Dec/msg00004.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?df6b83c6");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple Safari version 10.0.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7656");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_Safari31.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed");

  exit(0);
}

include("vcf.inc");
include("vcf_extras_apple.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
vcf::apple::check_macos_restrictions(restrictions:['10.10', '10.11', '10.12']);

app_info = vcf::apple::get_safari_info();
constraints = [{ "fixed_version" : "10.0.2" }];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{"xss":TRUE});
VendorProductVersionCPE
applesafaricpe:/a:apple:safari

References

Related

openvas 11
apple 12
nessus 10
ubuntu 1
fedora 2
archlinux 1
mageia 1
suse 4
ubuntucve 24
debiancve 24
prion 25
cve 25
gentoo 1
zdi 2
openvas
openvas
Apple Safari Multiple Vulnerabilities-02 (Feb 2017)
2017-02-22 00:00:00
Apple iCloud Multiple Vulnerabilities (Feb 2017) - Windows
2017-02-28 00:00:00
Apple iTunes Multiple Vulnerabilities (Feb 2017) - Windows
2017-02-28 00:00:00
apple
apple
About the security content of iTunes 12.5.4 for Windows - Apple Support
2017-01-23 05:05:46
About the security content of iCloud for Windows 6.1 - Apple Support
2017-01-23 05:29:57
About the security content of iTunes 12.5.4 for Windows
2016-12-13 00:00:00
nessus
nessus
Apple iTunes < 12.5.4 Multiple Vulnerabilities (credentialed check)
2016-12-14 00:00:00
Apple iTunes < 12.5.4 Multiple Vulnerabilities (uncredentialed check)
2016-12-14 00:00:00
Fedora 24 : webkitgtk4 (2017-d317f6fb61)
2017-01-23 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2017-02-06 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: webkitgtk4-2.14.3-1.fc24
2017-01-21 20:21:09
[SECURITY] Fedora 25 Update: webkitgtk4-2.14.3-1.fc25
2017-01-20 18:11:24
archlinux
archlinux
[ASA-201701-27] webkit2gtk: multiple issues
2017-01-18 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2017-03-02 18:11:17
suse
suse
Security update for webkit2gtk3 (important)
2017-11-06 15:08:25
Security update for webkit2gtk3 (important)
2017-11-10 18:22:30
Security update for webkit2gtk3 (important)
2018-02-01 00:14:30
ubuntucve
ubuntucve
CVE-2016-7646
2017-02-20 00:00:00
CVE-2016-7587
2017-02-20 00:00:00
CVE-2016-7648
2017-02-20 00:00:00
debiancve
debiancve
CVE-2016-7649
2017-02-20 08:59:00
CVE-2016-7587
2017-02-20 08:59:00
CVE-2016-7610
2017-02-20 08:59:00
prion
prion
Memory corruption
2017-02-20 08:59:00
Memory corruption
2017-02-20 08:59:00
Memory corruption
2017-02-20 08:59:00
cve
cve
CVE-2016-7587
2017-02-20 08:59:00
CVE-2016-7649
2017-02-20 08:59:00
CVE-2016-7589
2017-02-20 08:59:00
gentoo
gentoo
WebKitGTK+: Multiple vulnerabilities
2017-06-07 00:00:00
zdi
zdi
Apple Safari RenderObject Use-After-Free Remote Code Execution Vulnerability
2016-12-13 00:00:00
Apple Safari HTMLLabelElement Use-After-Free Remote Code Execution Vulnerability
2016-12-13 00:00:00
JSON
Related for MACOSX_SAFARI10_0_2.NASL
openvas11apple12nessus10ubuntu1fedora2archlinux1mageia1suse4ubuntucve24debiancve24prion25cve25gentoo1zdi2