Detections
Analytics

Apple iOS < 7.1 Multiple Vulnerabilities

high Nessus Plugin ID 72907

Language:

Synopsis

The version of iOS running on the mobile device is affected by multiple vulnerabilities.

Description

The mobile device is running a version of iOS that is prior to version 7.1. It is, therefore, affected by vulnerabilities in the following components :

 - Backup
 - Certificate Trust Policy
 - Configuration Profiles
 - CoreCapture
 - Crash Reporting
 - dyld
 - FaceTime
 - ImageIO
 - IOKit HID Event
 - iTunes Store
 - Kernel
 - Office Viewer
 - Photos Backend
 - Profiles
 - Safari
 - Settings - Accounts
 - Springboard
 - SpringBoard Lock Screen
 - TelephonyUI Framework
 - USB Host
 - Video Driver
 - WebKit

Solution

Upgrade to Apple iOS 7.1 or later.

See Also

https://support.apple.com/en-us/HT202935

https://seclists.org/bugtraq/2014/Mar/53

Plugin Details

Severity: High

ID: 72907

File Name: apple_ios_71_check.nbin

Version: 1.102

Type: local

Published: 3/10/2014

Updated: 9/4/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 8.8

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:C

CVSS Score Source: CVE-2013-5133

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Required KB Items: mdm/dependency/unlocked

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/10/2014

Vulnerability Publication Date: 7/22/2012

Reference Information

CVE: CVE-2012-2088, CVE-2013-2909, CVE-2013-2926, CVE-2013-2928, CVE-2013-3948, CVE-2013-5133, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5227, CVE-2013-5228, CVE-2013-6625, CVE-2013-6629, CVE-2013-6635, CVE-2013-6835, CVE-2014-1252, CVE-2014-1267, CVE-2014-1269, CVE-2014-1270, CVE-2014-1271, CVE-2014-1272, CVE-2014-1273, CVE-2014-1274, CVE-2014-1275, CVE-2014-1276, CVE-2014-1278, CVE-2014-1280, CVE-2014-1281, CVE-2014-1282, CVE-2014-1285, CVE-2014-1286, CVE-2014-1287, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, CVE-2014-1294, CVE-2014-2019

BID: 54270, 63024, 63028, 63672, 63676, 64354, 64355, 64356, 64358, 64359, 64360, 64361, 64362, 65113, 65779, 65780, 65781, 66087, 66088, 66089, 66108

APPLE-SA: APPLE-SA-2014-03-10-1