Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_SAFARI12.NASL
HistorySep 20, 2018 - 12:00 a.m.

macOS : Apple Safari < 12 Multiple Vulnerabilities

2018-09-2000:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
JSON

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 12. It is, therefore, affected by multiple vulnerabilities.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(117617);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/01");

  script_cve_id(
    "CVE-2018-4191",
    "CVE-2018-4195",
    "CVE-2018-4197",
    "CVE-2018-4299",
    "CVE-2018-4306",
    "CVE-2018-4307",
    "CVE-2018-4309",
    "CVE-2018-4311",
    "CVE-2018-4312",
    "CVE-2018-4314",
    "CVE-2018-4315",
    "CVE-2018-4316",
    "CVE-2018-4317",
    "CVE-2018-4318",
    "CVE-2018-4319",
    "CVE-2018-4323",
    "CVE-2018-4328",
    "CVE-2018-4329",
    "CVE-2018-4345",
    "CVE-2018-4358",
    "CVE-2018-4359",
    "CVE-2018-4360",
    "CVE-2018-4361"
  );

  script_name(english:"macOS : Apple Safari < 12 Multiple Vulnerabilities");
  script_summary(english:"Checks the Safari version.");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS or Mac OS X host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple Safari installed on the remote macOS or Mac OS X 
host is prior to 12. It is, therefore, affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209109");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple Safari version 12 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4361");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_Safari31.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X or macOS");

if (!preg(pattern:"Mac OS X 10\.(12|13)([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "macOS Sierra 10.12 / macOS High Sierra 10.13");

installed = get_kb_item_or_exit("MacOSX/Safari/Installed", exit_code:0);
path      = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
version   = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);

fixed_version = "12.0.0";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  report = report_items_str(
    report_items:make_array(
      "Path", path,
      "Installed version", version,
      "Fixed version", fixed_version
    ),
    ordered_fields:make_list("Path", "Installed version", "Fixed version")
  );
  security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Safari", version, path);
VendorProductVersionCPE
applesafaricpe:/a:apple:safari
applemac_os_xcpe:/o:apple:mac_os_x

References

Related

openvas 8
nessus 11
kaspersky 1
apple 12
googleprojectzero 1
gentoo 1
ubuntu 2
suse 2
prion 23
ubuntucve 19
debiancve 19
cve 23
checkpoint_advisories 9
zdt 9
packetstorm 9
zdi 3
fedora 2
kitploit 1
openvas
openvas
Apple iTunes Multiple Vulnerabilities-HT209140
2018-10-04 00:00:00
Apple iCloud Security Updates(HT209141)-Windows
2018-10-09 00:00:00
Ubuntu Update for webkit2gtk USN-3781-1
2018-10-04 00:00:00
nessus
nessus
Apple iTunes < 12.9 Multiple Vulnerabilities (credentialed check)
2018-10-02 00:00:00
Apple iTunes < 12.9 Multiple Vulnerabilities (uncredentialed check)
2018-10-02 00:00:00
Ubuntu 18.04 LTS : WebKitGTK+ vulnerabilities (USN-3781-1)
2018-10-04 00:00:00
kaspersky
kaspersky
KLA11323 Multiple vulnerabilities in Apple iTunes
2018-09-12 00:00:00
apple
apple
About the security content of Safari 12
2018-09-17 00:00:00
About the security content of Safari 12 - Apple Support
2019-01-23 08:10:26
About the security content of iTunes 12.9 for Windows
2018-09-12 00:00:00
googleprojectzero
googleprojectzero
365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools
2018-10-04 00:00:00
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2018-12-02 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2018-10-03 00:00:00
WebKitGTK+ vulnerabilities
2018-11-27 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2019-01-21 00:00:00
Security update for webkit2gtk3 (important)
2019-01-23 00:00:00
prion
prion
Memory corruption
2019-04-03 18:29:00
Memory corruption
2019-04-03 18:29:00
Memory corruption
2019-04-03 18:29:00
ubuntucve
ubuntucve
CVE-2018-4328
2018-09-28 00:00:00
CVE-2018-4323
2018-09-28 00:00:00
CVE-2018-4318
2018-09-28 00:00:00
debiancve
debiancve
CVE-2018-4328
2019-04-03 18:29:00
CVE-2018-4323
2019-04-03 18:29:00
CVE-2018-4358
2019-04-03 18:29:00
cve
cve
CVE-2018-4328
2019-04-03 18:29:00
CVE-2018-4358
2019-04-03 18:29:00
CVE-2018-4323
2019-04-03 18:29:00
checkpoint_advisories
checkpoint_advisories
Apple WebKit Use After Free Code Execution (CVE-2018-4323)
2018-09-18 00:00:00
Apple WebKit Use After Free Code Execution (CVE-2018-4318)
2018-09-18 00:00:00
Apple WebKit Out Of Bounds Read (CVE-2018-4328)
2018-09-18 00:00:00
zdt
zdt
WebKit - WebCore::RenderMultiColumnSet::updateMinimumColumnHeight Use-After-Free Exploit
2018-09-28 00:00:00
WebKit - WebCore::InlineTextBox::paint Out-of-Bounds Read Exploit
2018-09-28 00:00:00
WebKit - WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free Exploit
2018-09-28 00:00:00
packetstorm
packetstorm
WebKit WebCore::InlineTextBox::paint Out-Of-Bounds Read
2018-09-25 00:00:00
WebKit WebCore::SVGTRefElement::updateReferencedText Use-After-Free
2018-09-25 00:00:00
WebKit WebCore::SVGTextLayoutAttributes::context Use-After-Free
2018-09-25 00:00:00
zdi
zdi
Apple Safari Array Concat Uninitialized Buffer Information Disclosure Vulnerability
2018-09-24 00:00:00
Apple Safari Subframe Same-Origin Policy Bypass Vulnerability
2018-09-24 00:00:00
Apple Safari performProxyCall Internal Object Remote Code Execution Vulnerability
2018-09-24 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: webkit2gtk3-2.22.3-1.fc28
2018-11-21 03:13:06
[SECURITY] Fedora 29 Update: webkit2gtk3-2.22.3-1.fc29
2018-11-04 05:53:46
kitploit
kitploit
Fuzzilli - A JavaScript Engine Fuzzer
2020-11-21 20:30:00
JSON
Related for MACOSX_SAFARI12.NASL
openvas8nessus11kaspersky1apple12googleprojectzero1gentoo1ubuntu2suse2prion23ubuntucve19debiancve19cve23checkpoint_advisories9zdt9packetstorm9zdi3fedora2kitploit1