Apple iOS < 6.1 Multiple Vulnerabilities

high Nessus Plugin ID 64287

Synopsis

Report iOS devices older than 6.1.

Description

The mobile device is running a version of iOS that is older than version 6.1. This version contains security-related fixes for the following issues :

- An error related to 'EUC-JP' encoding could allow cross- site scripting attacks. (CVE-2011-3058)

- An out-of-bounds read error exists related to 802.11i information handling that could allow remote attackers to disable WiFi. (CVE-2012-2619)

- An error exists related to certificate-based 'Apple ID' authentication that could allow improper trust extension. (CVE-2013-0963)

- An error exists related to the 'copyin' and 'copyout' functions that could allow a user-mode process to access the first page of kernel memory. (CVE-2013-0964)

- An error exists related to Mobile Safari preferences that could improperly allow JavaScript to be enabled after a user has disabled it.
(CVE-2013-0974)

- Many errors exist related to the bundled 'WebKit' components. (CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2012-3606, CVE-2012-3607, CVE-2012-3621, CVE-2012-3632, CVE-2012-3687, CVE-2012-3701, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0962, CVE-2013-0968)

- Two intermediate certificates, improperly issued by TURKTRUST certificate authority, are incorrectly trusted.

Solution

Apple has released a set of patches for iOS-based devices.

See Also

https://support.apple.com/en-us/HT202673

https://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html

Plugin Details

Severity: High

ID: 64287

File Name: apple_ios_61_check.nbin

Version: 1.101

Type: local

Published: 1/29/2013

Updated: 9/4/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Required KB Items: mdm/dependency/unlocked

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/28/2013

Vulnerability Publication Date: 1/28/2013

Reference Information

CVE: CVE-2011-3058, CVE-2012-2619, CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2012-3606, CVE-2012-3607, CVE-2012-3621, CVE-2012-3632, CVE-2012-3687, CVE-2012-3701, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0962, CVE-2013-0963, CVE-2013-0964, CVE-2013-0968, CVE-2013-0974

BID: 52762, 54203, 54749, 55534, 55676, 56184, 57576, 57580, 57581, 57582, 57583, 57584, 57585, 57586, 57587, 57588, 57589, 57590, 57591, 57595, 57597, 57598