Detections
Analytics
Apple iOS < 10.3 Multiple Vulnerabilities
high Nessus Network Monitor Plugin ID 700034
Synopsis
The remote host is missing a high severity Apple iOS patch update.Description
The version of iOS running on the mobile device is prior to 10.3, and is affected by multiple vulnerabilities :- An unspecified state management flaw exists that may allow a context-dependent attacker to spoof the address bar. No further details have been provided. (CVE-2017-2376)
- An unspecified flaw exists in the handling of HTTP authentication. This may allow a context-dependent attacker to display authentication sheets on arbitrary web sites and cause a denial of service. (CVE-2017-2389)
- A flaw exists in the password-protected PDF export feature that is triggered as a weak encryption algorithm is used. This may allow an attacker with access to a password-protected document to potentially disclose the document content. (CVE-2017-2391)
- A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API calls. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)
Additional flaws exist in the following components :
- Carbon (CVE-2017-2379)
- CoreGraphics (CVE-2017-2417)
- DataAccess (CVE-2017-2414)
- FontParser (CVE-2017-2406, CVE-2017-2407)
- iCloud (CVE-2017-2397)
- ImageIO (CVE-2017-2416)
- iTunes Store (CVE-2017-2412)
- Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2490)
- libarchive (CVE-2017-2390)
- Pasteboard (CVE-2017-2399)
- Quick Look (CVE-2017-2404)
- Safari (CVE-2017-2384, CVE-2017-2393, CVE-2017-2400)
- Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)
Solution
Upgrade to Apple iOS 10.3 or later.See Also
https://support.apple.com/en-us/HT207617
https://threatpost.com/apple-fixes-223-vulnerabilities-across-macos-ios-safari/124599
https://support.apple.com/en-us/HT207600
Plugin Details
Severity: High
ID: 700034
Family: Mobile Devices
Published: 3/31/2017
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:apple:iphone_os
Patch Publication Date: 3/27/2017
Vulnerability Publication Date: 3/27/2017
Reference Information
CVE: CVE-2017-2367, CVE-2017-2376, CVE-2017-2378, CVE-2017-2379, CVE-2017-2384, CVE-2017-2386, CVE-2017-2389, CVE-2017-2390, CVE-2017-2391, CVE-2017-2393, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2397, CVE-2017-2398, CVE-2017-2399, CVE-2017-2400, CVE-2017-2401, CVE-2017-2404, CVE-2017-2405, CVE-2017-2406, CVE-2017-2407, CVE-2017-2412, CVE-2017-2414, CVE-2017-2415, CVE-2017-2416, CVE-2017-2417, CVE-2017-2419, CVE-2017-2423, CVE-2017-2424, CVE-2017-2428, CVE-2017-2430, CVE-2017-2432, CVE-2017-2433, CVE-2017-2434, CVE-2017-2435, CVE-2017-2439, CVE-2017-2440, CVE-2017-2441, CVE-2017-2442, CVE-2017-2444, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2448, CVE-2017-2450, CVE-2017-2451, CVE-2017-2452, CVE-2017-2453, CVE-2017-2454, CVE-2017-2455, CVE-2017-2456, CVE-2017-2457, CVE-2017-2458, CVE-2017-2459, CVE-2017-2460, CVE-2017-2461, CVE-2017-2462, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2467, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2475, CVE-2017-2476, CVE-2017-2478, CVE-2017-2481, CVE-2017-2482, CVE-2017-2483, CVE-2017-2484, CVE-2017-2485, CVE-2017-2486, CVE-2017-2487, CVE-2017-2490