Apple iOS < 5.1.1 Multiple Vulnerabilities

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

Report iOS devices older than 5.1.1.

Description :

The mobile device is running a version of iOS that is older than
version 5.1.1. Version 5.1.1 contains numerous security-related fixes
for the following vulnerabilities :

- Attackers can use a vulnerability in WebKit to perform
cross-site scripting attacks, possibly leaking data such
as cookies, user information, and passwords.
(CVE-2011-3046, CVE-2011-3056)

- A remote code execution vulnerability in WebKit could
allow a malicious site to run code on the host iOS
device giving the attacker access to critical data on
the phone.(CVE-2012-0672)

- Vulnerabilities in Safari can allow malicious sites to
spoof the address in the address bar of the browser.
This attack allows an attacker to redirect victims to a
malicious site without the user's ability to notice.
(CVE-2012-0674)

See also :

http://support.apple.com/kb/HT5278
http://www.securityfocus.com/archive/1/522612/30/210/threaded

Solution :

Apple has released a set of patches for your iOS-based device.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Mobile Devices

Nessus Plugin ID: 60027 ()

Bugtraq ID: 52369
53404
53407
53446

CVE ID: CVE-2011-3046
CVE-2011-3056
CVE-2012-0672
CVE-2012-0674