Apple Safari Webkit Multiple Vulnerabilities - May 12 (Mac OS X) Network Vulnerability

Summary

The host is installed with Apple Safari web browser and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attacker to conduct cross site scripting attacks, bypass certain security restrictions, and compromise a user's system. Impact Level: Application

Solution

Upgrade to Apple Safari version 5.1.7 or later, For updates refer to http://www.apple.com/support/downloads/

Insight

The flaws are due to - Multiple cross site scripting and memory corruption issues in webkit. - A state tracking issue existed in WebKit's handling of forms.

Affected

Apple Safari versions prior to 5.1.7 on Mac OS X

References

http://lists.apple.com/archives/security-announce/2012/May/msg00002.html
http://secunia.com/advisories/47292/
http://support.apple.com/kb/HT5282

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3046, CVE-2011-3056, CVE-2012-0672, CVE-2012-0676

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
3S CoDeSys CmpWebServer Multiple Vulnerabilities

Take action and discover your vulnerabilities