Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_SAFARI7_0_4.NASL
HistoryMay 22, 2014 - 12:00 a.m.

Mac OS X : Apple Safari < 6.1.4 / 7.0.4 Multiple Vulnerabilities

2014-05-2200:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.1.4 or 7.0.4. It is, therefore, potentially affected by the following vulnerabilities :

  • Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution.
    (CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1324, CVE-2014-1326, CVE-2014-1327, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1344, CVE-2014-1731)

  • An error exists related to unicode character handling in URLs that could allow an attacker send an incorrect ‘postMessage’ origin that could allow a security bypass.
    (CVE-2014-1346)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74139);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id(
    "CVE-2013-2875",
    "CVE-2013-2927",
    "CVE-2014-1323",
    "CVE-2014-1324",
    "CVE-2014-1326",
    "CVE-2014-1327",
    "CVE-2014-1329",
    "CVE-2014-1330",
    "CVE-2014-1331",
    "CVE-2014-1333",
    "CVE-2014-1334",
    "CVE-2014-1335",
    "CVE-2014-1336",
    "CVE-2014-1337",
    "CVE-2014-1338",
    "CVE-2014-1339",
    "CVE-2014-1341",
    "CVE-2014-1342",
    "CVE-2014-1343",
    "CVE-2014-1344",
    "CVE-2014-1346",
    "CVE-2014-1731"
  );
  script_bugtraq_id(
    61057,
    63025,
    67082,
    67553,
    67554,
    67572
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-05-21-1");

  script_name(english:"Mac OS X : Apple Safari < 6.1.4 / 7.0.4 Multiple Vulnerabilities");
  script_summary(english:"Check the Safari SourceVersion");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple Safari installed on the remote Mac OS X host is a
version prior to 6.1.4 or 7.0.4. It is, therefore, potentially
affected by the following vulnerabilities :

  - Multiple memory corruption vulnerabilities exist in
    WebKit that could lead to unexpected program
    termination or arbitrary code execution.
    (CVE-2013-2875, CVE-2013-2927, CVE-2014-1323,
    CVE-2014-1324, CVE-2014-1326, CVE-2014-1327,
    CVE-2014-1329, CVE-2014-1330, CVE-2014-1331,
    CVE-2014-1333, CVE-2014-1334, CVE-2014-1335,
    CVE-2014-1336, CVE-2014-1337, CVE-2014-1338,
    CVE-2014-1339, CVE-2014-1341, CVE-2014-1342,
    CVE-2014-1343, CVE-2014-1344, CVE-2014-1731)

  - An error exists related to unicode character handling
    in URLs that could allow an attacker send an incorrect
    'postMessage' origin that could allow a security bypass.
    (CVE-2014-1346)");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6254");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/532186/30/0/threaded");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple Safari 6.1.4 / 7.0.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1731");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_Safari31.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

if (!ereg(pattern:"Mac OS X 10\.[7-9]([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.7 / 10.8 / 10.9");

get_kb_item_or_exit("MacOSX/Safari/Installed");
path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);

if ("10.7" >< os || "10.8" >< os) fixed_version = "6.1.4";
else fixed_version = "7.0.4";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version + '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Safari", version, path);
VendorProductVersionCPE
applesafaricpe:/a:apple:safari

References

Related

securityvulns 13
nessus 36
thn 1
threatpost 3
openvas 32
cve 22
prion 22
ubuntucve 22
debiancve 3
chrome 3
mageia 3
freebsd 4
fedora 2
debian 6
osv 3
gentoo 4
suse 2
ubuntu 1
securityvulns
securityvulns
Apple Safari multiple security vulnerabilities
2014-05-29 00:00:00
APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4
2014-05-29 00:00:00
Apple TV multiple security vulnerabilities
2014-08-04 00:00:00
nessus
nessus
Safari < 6.1.4 / 7.0.4 Multiple Vulnerabilities
2014-05-23 00:00:00
Apple TV < 6.1.2 Multiple Vulnerabilities
2014-07-06 00:00:00
Apple iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check)
2014-10-21 00:00:00
thn
thn
Apple Patches 22 Safari WebKit Vulnerabilities
2014-05-23 20:33:00
threatpost
threatpost
May 2014 Apple Safari Browser Security Patches
2014-05-23 09:03:49
Google Fixes Three High-Risk Flaws in Chrome
2013-10-15 13:37:29
Google Fixes 17 Flaws in Chrome 28
2013-07-10 09:37:49
openvas
openvas
Apple Safari Multiple Memory Corruption Vulnerabilities-03 (Aug 2014) - Mac OS X
2014-08-25 00:00:00
Google Chrome Multiple Vulnerabilities-02 (Oct 2013) - Mac OS X
2013-10-23 00:00:00
Mageia: Security Advisory (MGASA-2013-0321)
2022-01-28 00:00:00
cve
cve
CVE-2014-1330
2014-05-22 19:55:00
CVE-2014-1327
2014-05-22 19:55:00
CVE-2014-1329
2014-05-22 19:55:00
prion
prion
Memory corruption
2014-05-22 19:55:00
Memory corruption
2014-05-22 19:55:00
Memory corruption
2014-05-22 19:55:00
ubuntucve
ubuntucve
CVE-2014-1341
2014-05-22 00:00:00
CVE-2014-1327
2014-05-22 00:00:00
CVE-2014-1339
2014-05-22 00:00:00
debiancve
debiancve
CVE-2013-2927
2013-10-16 20:55:00
CVE-2013-2875
2013-07-10 10:55:00
CVE-2014-1731
2014-04-26 10:55:00
chrome
chrome
Stable Channel Update
2013-10-15 00:00:00
Stable Channel Update
2014-04-24 00:00:00
Stable Channel Update
2013-07-09 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix multiple vulnerabilities
2013-11-09 22:58:53
Updated chromium-browser-stable packages fix multiple vulnerabilities
2014-05-10 23:44:04
Updated chromium-browser-stable packages fix security vulnerabilities
2013-07-26 15:52:03
freebsd
freebsd
chromium -- multiple vulnerabilities
2013-10-15 00:00:00
chromium -- multiple vulnerabilities
2014-04-24 00:00:00
WebKit-gtk -- Multiple vulnerabilities
2015-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: webkitgtk3-2.4.8-1.fc21
2015-01-11 02:57:02
[SECURITY] Fedora 21 Update: webkitgtk-2.4.8-1.fc21
2015-01-11 02:57:01
debian
debian
[SECURITY] [DSA 2920-1] chromium-browser security update
2014-05-03 21:44:20
[SECURITY] [DSA 2920-1] chromium-browser security update
2014-05-03 21:44:42
[SECURITY] [DSA 2724-1] chromium-browser security update
2013-07-18 22:00:31
osv
osv
chromium-browser - security update
2014-05-03 00:00:00
chromium-browser - several
2013-07-17 00:00:00
chromium-browser - several
2013-10-26 00:00:00
gentoo
gentoo
WebKitGTK+: Multiple vulnerabilities
2016-01-26 00:00:00
Chromium: Multiple vulnerabilities
2014-08-30 00:00:00
Chromium, V8: Multiple vulnerabilities
2014-03-05 00:00:00
suse
suse
chromium: 31.0.1650.57 version update (important)
2013-11-27 20:04:13
chromium: update to 31.0.1650.57 (important)
2013-12-12 18:05:02
ubuntu
ubuntu
Oxide vulnerabilities
2014-07-23 00:00:00
JSON
Related for MACOSX_SAFARI7_0_4.NASL
securityvulns13nessus36thn1threatpost3openvas32cve22prion22ubuntucve22debiancve3chrome3mageia3freebsd4fedora2debian6osv3gentoo4suse2ubuntu1