Apple Safari < 10.1 Multiple Vulnerabilities. Out-of-bounds read error, denial of service, information disclosure, state management flaw, memory corruption, security bypass, JavaScript code vulnerability, denial of service in Web Inspector, type confusion error
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
Ubuntu | WebKitGTK+ vulnerabilities | 10 Apr 201700:00 | – | ubuntu |
Tenable Nessus | Ubuntu 16.04 LTS : WebKitGTK+ vulnerabilities (USN-3257-1) | 11 Apr 201700:00 | – | nessus |
Tenable Nessus | Safari < 10.1 Multiple Vulnerabilities | 31 Mar 201700:00 | – | nessus |
Tenable Nessus | Apple iOS < 10.3 Multiple Vulnerabilities | 31 Mar 201700:00 | – | nessus |
Tenable Nessus | iTunes < 12.6 Multiple Vulnerabilities | 17 May 201700:00 | – | nessus |
Tenable Nessus | Apple TV < 10.2 Multiple Vulnerabilities | 2 Apr 201700:00 | – | nessus |
Tenable Nessus | Apple TV < 10.2 Multiple Vulnerabilities | 10 Apr 201700:00 | – | nessus |
Tenable Nessus | GLSA-201706-15 : WebKitGTK+: Multiple vulnerabilities | 8 Jun 201700:00 | – | nessus |
OpenVAS | Ubuntu: Security Advisory (USN-3257-1) | 11 Apr 201700:00 | – | openvas |
OpenVAS | Apple Safari Multiple Vulnerabilities (HT207600) | 31 Mar 201700:00 | – | openvas |
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(99167);
script_version("1.7");
script_cvs_date("Date: 2019/07/03 12:01:40");
script_cve_id(
"CVE-2016-9642",
"CVE-2016-9643",
"CVE-2017-2364",
"CVE-2017-2367",
"CVE-2017-2376",
"CVE-2017-2377",
"CVE-2017-2378",
"CVE-2017-2385",
"CVE-2017-2386",
"CVE-2017-2389",
"CVE-2017-2392",
"CVE-2017-2394",
"CVE-2017-2395",
"CVE-2017-2396",
"CVE-2017-2405",
"CVE-2017-2415",
"CVE-2017-2419",
"CVE-2017-2424",
"CVE-2017-2433",
"CVE-2017-2442",
"CVE-2017-2444",
"CVE-2017-2445",
"CVE-2017-2446",
"CVE-2017-2447",
"CVE-2017-2453",
"CVE-2017-2454",
"CVE-2017-2455",
"CVE-2017-2457",
"CVE-2017-2459",
"CVE-2017-2460",
"CVE-2017-2463",
"CVE-2017-2464",
"CVE-2017-2465",
"CVE-2017-2466",
"CVE-2017-2468",
"CVE-2017-2469",
"CVE-2017-2470",
"CVE-2017-2471",
"CVE-2017-2475",
"CVE-2017-2476",
"CVE-2017-2479",
"CVE-2017-2480",
"CVE-2017-2481",
"CVE-2017-2486",
"CVE-2017-2491",
"CVE-2017-2492",
"CVE-2017-2493",
"CVE-2017-7071"
);
script_bugtraq_id(
100613,
94554,
94559,
95725,
97129,
97130,
97131,
97133,
97136,
97140,
97143,
97147,
97176,
98316,
98700
);
script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-03-27-2");
script_name(english:"macOS : Apple Safari < 10.1 Multiple Vulnerabilities");
script_summary(english:"Checks the Safari version.");
script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS or Mac OS X host is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Apple Safari installed on the remote macOS or Mac OS X
host is prior to 10.1. It is, therefore, affected by multiple
vulnerabilities:
- An out-of-bounds read error exists in WebKit when
handling certain JavaScript code. An unauthenticated,
remote attacker can exploit this to cause a denial of
service condition or the disclosure of memory contents.
(CVE-2016-9642)
- A denial of service vulnerability exists in WebKit when
handling certain regular expressions. An
unauthenticated, remote attacker can exploit this, via a
specially crafted web page, to exhaust available memory
resources. (CVE-2016-9643)
- Multiple information disclosure vulnerabilities exist
in WebKit when handling page loading due to improper
validation of certain input. An unauthenticated, remote
attacker can exploit these to disclose data
cross-origin. (CVE-2017-2364, CVE-2017-2367)
- An unspecified state management flaw exists that allows
an unauthenticated, remote attacker to spoof the address
bar. (CVE-2017-2376)
- A denial of service vulnerability exists in the Web
Inspector component when closing a window while the
debugger is paused. An unauthenticated, remote attacker
can exploit this to terminate the application.
(CVE-2017-2377)
- An unspecified flaw exists in WebKit when creating
bookmarks using drag-and-drop due to improper validation
of certain input. An unauthenticated, remote attacker
can exploit this, via a specially crafted link, to spoof
bookmarks or potentially execute arbitrary code.
(CVE-2017-2378)
- An information disclosure vulnerability exists in the
Login AutofFill component that allows a local attacker
to access keychain items. (CVE-2017-2385)
- Multiple information disclosure vulnerabilities exist
in WebKit when handling unspecified exceptions or
elements. An unauthenticated, remote attacker can
exploit these, via specially crafted web content, to
disclose data cross-origin. (CVE-2017-2386,
CVE-2017-2479, CVE-2017-2480)
- An unspecified flaw exists in the handling of HTTP
authentication that allows an unauthenticated, remote
attacker to disclose authentication sheets on arbitrary
websites or cause a denial of service condition.
(CVE-2017-2389)
- Multiple memory corruption issues exist in WebKit that
allow an unauthenticated, remote attacker to cause a
denial of service condition or the execution of
arbitrary code. (CVE-2017-2394, CVE-2017-2395,
CVE-2017-2396, CVE-2017-2433, CVE-2017-2454,
CVE-2017-2455, CVE-2017-2459, CVE-2017-2460,
CVE-2017-2464, CVE-2017-2465, CVE-2017-2466,
CVE-2017-2468, CVE-2017-2469, CVE-2017-2470,
CVE-2017-2476)
- A memory corruption issue exists in WebKit within the
Web Inspector component due to improper validation of
certain input. An unauthenticated, remote attacker can
exploit this to cause a denial of service condition or
the execution of arbitrary code. (CVE-2017-2405)
- An unspecified type confusion error exists that allows
an unauthenticated remote attacker to execute arbitrary
code by using specially crafted web content.
(CVE-2017-2415)
- A security bypass vulnerability exists in WebKit that
allows an unauthenticated, remote attacker to bypass the
Content Security Policy by using specially crafted web
content. (CVE-2017-2419)
- An unspecified flaw exists in WebKit when handling
OpenGL shaders that allows an unauthenticated, remote
attacker to disclose process memory content by using
specially crafted web content. (CVE-2017-2424)
- An information disclosure vulnerability exists in WebKit
JavaScript Bindings when handling page loading due to
unspecified logic flaws. An unauthenticated, remote
attacker can exploit this, via specially crafted web
content, to disclose data cross-origin. (CVE-2017-2442)
- A memory corruption issue exists in WebKit within the
CoreGraphics component due to improper validation of
certain input. An unauthenticated, remote attacker can
exploit this, via specially crafted web content, to
cause a denial of service condition or the execution of
arbitrary code. (CVE-2017-2444)
- A universal cross-site scripting (XSS) vulnerability
exists in WebKit when handling frame objects due to
improper validation of certain input. An
unauthenticated, remote attacker can exploit this, via
specially crafted web content, to execute arbitrary
script code in a user's browser session. (CVE-2017-2445)
- A flaw exists in WebKit due to non-strict mode functions
that are called from built-in strict mode scripts not
being properly restricted from calling sensitive native
functions. An unauthenticated, remote attacker can
exploit this, via specially crafted web content, to
execute arbitrary code. (CVE-2017-2446)
- An out-of-bounds read error exists in WebKit when
handling the bound arguments array of a bound function.
An unauthenticated, remote attacker can exploit this,
via specially crafted web content, to disclose memory
contents. (CVE-2017-2447)
- An unspecified flaw exists in FaceTime prompt handling
due to improper validation of certain input. An
unauthenticated, remote attacker can exploit this to
spoof user interface elements. (CVE-2017-2453)
- A use-after-free error exists in WebKit when handling
RenderBox objects. An unauthenticated, remote attacker
can exploit this, via specially crafted web content, to
dereference already freed memory, resulting in the
execution of arbitrary code. (CVE-2017-2463)
- An unspecified use-after-free error exists in WebKit
that allows an unauthenticated, remote attacker, via
specially crafted web content, to dereference already
freed memory, resulting in the execution of arbitrary
code. (CVE-2017-2471)
- A universal cross-site scripting (XSS) vulnerability
exists in WebKit when handling frames due to improper
validation of certain input. An unauthenticated, remote
attacker can exploit this, via specially crafted web
content, to execute arbitrary script code in a user's
browser session. (CVE-2017-2475)
- A use-after-free error exists in WebKit when handling
ElementData objects. An unauthenticated, remote attacker
can exploit this, via specially crafted web content, to
dereference already freed memory, resulting in the
execution of arbitrary code. (CVE-2017-2481)
- A use-after-free error exists in JavaScriptCore when
handling the String.replace() method. An
unauthenticated, remote attacker can exploit this to
deference already freed memory, resulting in the
execution of arbitrary code. (CVE-2017-2491)
- A universal cross-site scripting (XSS) vulnerability
exists in JavaScriptCore due to an unspecified prototype
flaw. An unauthenticated, remote attacker can exploit
this, via a specially crafted web page, to execute
arbitrary code in a user's browser session.
(CVE-2017-2492)");
script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207600");
# https://lists.apple.com/archives/security-announce/2017/Mar/msg00003.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b6d82a85");
script_set_attribute(attribute:"solution", value:
"Upgrade to Apple Safari version 10.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-2378");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/25");
script_set_attribute(attribute:"patch_publication_date", value:"2017/03/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_apple_safari_installed.nbin");
script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
os = get_kb_item('Host/MacOSX/Version');
if (!os) audit(AUDIT_OS_NOT, 'Mac OS X or macOS');
if (!preg(pattern:"Mac OS X 10\.(10|11|12)([^0-9]|$)", string:os))
audit(AUDIT_OS_NOT, 'Mac OS X Yosemite 10.10 / Mac OS X El Capitan 10.11 / macOS Sierra 10.12');
get_kb_item_or_exit('MacOSX/Safari/Installed', exit_code:0);
path = get_kb_item_or_exit('MacOSX/Safari/Path', exit_code:1);
version = get_kb_item_or_exit('MacOSX/Safari/Version', exit_code:1);
fixed_version = '10.1';
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
report = report_items_str(
report_items:make_array(
'Path', path,
'Installed version', version,
'Fixed version', fixed_version
),
ordered_fields:make_list('Path', 'Installed version', 'Fixed version')
);
security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);
}
else audit(AUDIT_INST_PATH_NOT_VULN, 'Safari', version, path);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo