Detections
Analytics

Apple iOS < 5.0 Multiple Vulnerabilities (BEAST)

critical Nessus Plugin ID 60026

Language:

Synopsis

Report iOS devices older than 5.0.

Description

The mobile device is running a version of iOS that is prior to version 5.0. Version 5.0 contains numerous security-related fixes for the following vulnerabilities :

 - Apple iOS Calendar Synchronization SSL Certificate Validation Information Disclosure Vulnerability (CVE-2011-3253)

 - Apple iOS Calendar Cross-Site Scripting Vulnerability (CVE-2011-3254)

 - Apple iOS CFNetwork Information Disclosure Vulnerability (CVE-2011-3255)

 - Apple iOS and Mac OS X CFNetwork Cross Domain Information Disclosure Vulnerability (CVE-2011-3246)

 - Apple Mac OS X CoreFoundation Memory Corruption Vulnerability (CVE-2011-0259)

 - FreeType Font Document Multiple Memory Corruption Vulnerabilities (CVE-2011-3256)

 - Apple Mac OS X QuickTime Cross-Domain Information Disclosure Vulnerability (CVE-2011-0187)

 - Apple iOS Mail Cookie Synchronization Validation Information Disclosure Vulnerability (CVE-2011-3257)

 - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389)

 - Opera Web Browser Information Disclosure Vulnerability

 - Apple iOS Home Screen Information Disclosure Vulnerability (CVE-2011-3431)

 - libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability (CVE-2011-0192)

 - Apple Safari ImageIO TIFF Image Handling Heap Buffer Overflow Vulnerability (CVE-2011-0241)

 - Apple Mac OS X ICU Buffer Overflow Vulnerability (CVE-2011-0206)

 - Apple Kernel TCP Exhaustion Denial of Service Vulnerability (CVE-2011-3259)

 - Apple Mac OS X IPV6 Socket Options Denial of Service Vulnerability (CVE-2011-1132)

 - Apple iOS Keyboard Information Disclosure Vulnerability (CVE-2011-3245)

 - Apple Safari 'libxml' Remote Code Execution Vulnerability (CVE-2011-0216)

 - Apple iPhone/iPad/iPod Touch prior to iOS 5 Buffer Overflow Vulnerability (CVE-2011-3260)

 - Apple iPhone/iPad/iPod Touch prior to iOS 5 Remote Code Execution Vulnerability (CVE-2011-3261)

 - Apple Mac OS X QuickLook Office File Memory Corruption Vulnerability (CVE-2011-0208)

 - Apple Mac OS X QuickLook Remote Code Execution Vulnerability (CVE-2011-0184)

 - Apple iPhone/iPad/iPod Touch 'Content-Disposition' Header Cross-Site Scripting Vulnerability (CVE-2011-3246)

 - Apple iOS Parental Restrictions Passcode Information Disclosure Vulnerability (CVE-2011-3249)

 - Apple iOS Insecure Misleading UI Insecure Configuration Weakness (CVE-2011-3430)

 - Apple iOS Remote Denial of Service Vulnerability (CVE-2011-3432)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0218)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0221)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0222)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0225)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0232)

 - WebKit FrameOwner Element Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0233)

 - WebKit Malformed XHTML Tags Use-After-Free Memory Corruption Vulnerability (CVE-2011-0234)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0235)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0238)

 - WebKit 'NamedNodeMap.cpp' Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0254)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0255)

 - Google Chrome prior to 9.0.597.94 Multiple Security Vulnerabilities (CVE-2011-0981)

 - Google Chrome prior to 9.0.597.107 Multiple Security Vulnerabilities (CVE-2011-1109)

 - Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities (CVE-2011-1188)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1288)

 - Google Chrome prior to 10.0.648.204 Multiple Security Vulnerabilities (CVE-2011-1293)

 - Google Chrome prior to 11.0.696.57 Multiple Security Vulnerabilities (CVE-2011-1449)

 - WebKit MathML Tags Use-After-Free Remote Code Execution Vulnerability

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1453)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1457)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1462)

 - WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1797)

 - WebKit Multiple Unspecified Remote Code Execution Vulnerabilities (CVE-2011-2338)

 - WebKit Style Sheet Elements Remote Code Execution Vulnerability (CVE-2011-2341)

 - Google Chrome Prior to 12.0.742.112 Multiple Security Vulnerabilities (CVE-2011-2351)

 - Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities (CVE-2011-2359)

 - Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities (CVE-2011-2823)

 - Mozilla Firefox/Thunderbird/SeaMonkey YARR Remote Code Execution Vulnerability (CVE-2011-3232)

 - Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities (CVE-2011-3234)

 - WebKit Embedded URL Cross Domain Scripting Vulnerability (CVE-2011-0242)

 - WebKit Address Bar URI Spoofing Vulnerability (CVE-2011-1107)

 - WebKit 'libxslt' Remote Code Execution Vulnerability (CVE-2011-1774)

 - WebKit 'HTML5' Drag and Drop Cross-Origin Information Disclosure Vulnerability (CVE-2011-0166)

 - WebKit Inactive DOM Windows Cross Domain Scripting Vulnerability (CVE-2011-3243)

 - Apple iOS WiFi Credentials Information Disclosure Vulnerability (CVE-2011-3234)

Solution

Apple has released a set of patches for your iOS-based device.

See Also

https://support.apple.com/en-us/HT202349

https://www.imperialviolet.org/2011/09/23/chromeandbeast.html

https://www.openssl.org/~bodo/tls-cbc.txt

Plugin Details

Severity: Critical

ID: 60026

File Name: apple_ios_50_check.nbin

Version: 1.114

Type: local

Published: 6/19/2012

Updated: 9/4/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-0983

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Required KB Items: mdm/dependency/unlocked

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/31/2012

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (Apple Safari Webkit libxslt Arbitrary File Creation)

ExploitHub (EH-11-678)

Reference Information

CVE: CVE-2011-0166, CVE-2011-0184, CVE-2011-0187, CVE-2011-0192, CVE-2011-0206, CVE-2011-0208, CVE-2011-0216, CVE-2011-0218, CVE-2011-0221, CVE-2011-0222, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0238, CVE-2011-0241, CVE-2011-0242, CVE-2011-0254, CVE-2011-0255, CVE-2011-0259, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1132, CVE-2011-1188, CVE-2011-1190, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1295, CVE-2011-1296, CVE-2011-1449, CVE-2011-1451, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1774, CVE-2011-1797, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2351, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2359, CVE-2011-2788, CVE-2011-2790, CVE-2011-2792, CVE-2011-2797, CVE-2011-2799, CVE-2011-2800, CVE-2011-2805, CVE-2011-2809, CVE-2011-2813, CVE-2011-2814, CVE-2011-2816, CVE-2011-2817, CVE-2011-2818, CVE-2011-2819, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827, CVE-2011-2831, CVE-2011-3232, CVE-2011-3234, CVE-2011-3235, CVE-2011-3236, CVE-2011-3237, CVE-2011-3243, CVE-2011-3244, CVE-2011-3245, CVE-2011-3246, CVE-2011-3253, CVE-2011-3254, CVE-2011-3255, CVE-2011-3256, CVE-2011-3257, CVE-2011-3259, CVE-2011-3260, CVE-2011-3261, CVE-2011-3389, CVE-2011-3426, CVE-2011-3427, CVE-2011-3429, CVE-2011-3430, CVE-2011-3431, CVE-2011-3432, CVE-2011-3434

BID: 46262, 46614, 46658, 46785, 46811, 46965, 46992, 47020, 47029, 47604, 48422, 48429, 48440, 48479, 48823, 48824, 48832, 48833, 48840, 48842, 48843, 48844, 48845, 48846, 48847, 48848, 48850, 48852, 48853, 48854, 48855, 48856, 48857, 48858, 48859, 48960, 49279, 49388, 49658, 49778, 49850, 50066, 50067, 50087, 50088, 50115, 50123, 50124, 50143, 50147, 50149, 50151, 50152, 50154, 50155, 50156, 50157, 50158, 50159, 50161, 51032

CERT: 864643