Apple Safari Webkit Multiple Vulnerabilities - March 2011

Summary
The host is installed with Apple Safari web browser and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to disclose potentially sensitive information, conduct cross-site scripting and spoofing attacks, and compromise a user's system.
Impact Level: Application
Solution
Upgrade to Apple Safari version 5.0.4 or later. For updates, refer to http://www.apple.com/support/downloads/
Insight
- An error in the WebKit component when handling redirects during HTTP Basic Authentication can be exploited to disclose the credentials to another site.
- An error in the WebKit component when handling the Attr.style accessor can be exploited to inject an arbitrary Cascading Style Sheet (CSS) into another document.
- A type checking error in the WebKit component when handling cached resources can be exploited to poison the cache and prevent certain resources from being requested.
- An error in the WebKit component when handling HTML5 drag and drop operations across different origins can be exploited to disclose certain content to another site.
- An error in the tracking of window origins within the WebKit component can be exploited to disclose the content of files to a remote server.
- Input passed to the 'window.console._inspectorCommandLineAPI' property while browsing using the Web Inspector is not properly sanitised before being returned to the user.
Affected
Apple Safari versions prior to 5.0.4