Detections
Analytics

Apple iOS < 1.1.4 DoS

medium Nessus Network Monitor Plugin ID 4425

Synopsis

The remote mobile host is vulnerable to a denial of service (DoS) attack.

Description

Versions of Apple iOS prior to 1.1.4 use a vulnerable build of the Apple Webkit prior to 420.1, which is affected by a denial of service vulnerability. This flaw exists because of the way the Safari browser handles memory. Specifically, when all memory has been utilized by the browser, it will attempt to close all inactive documents. In the process of closing these documents, a kernel panic and ensuing crash occurs. An attacker exploiting this flaw would need to be able to entice an iOS user to browse to a malicious web server. Successful exploitation would result in the device crashing.

Solution

Upgrade to iOS version 1.1.4 or higher.

See Also

http://www.securityfocus.com/archive/1/487607/30/0/threaded

Plugin Details

Severity: Medium

ID: 4425

Published: 3/14/2008

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Patch Publication Date: 2/12/2008

Vulnerability Publication Date: 2/12/2008

Reference Information

CVE: CVE-2008-0729

BID: 27442