Apple iOS < 6.0 Multiple Vulnerabilities

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

Report iOS devices older than 6.0.

Description :

The mobile device is running a version of iOS that is older than
version 6.0. Version 6.0 contains numerous security-related fixes
for the following vulnerabilities :

- Numerous memory errors exist related to handling
'TIFF', 'PNG' and 'JPEG' images and 'ImageIO' that could
allow arbitrary code execution. (CVE-2011-1167,
CVE-2011-3026, CVE-2011-3048, CVE-2011-3328,
CVE-2012-1173, CVE-2012-3726)

- Several issues exist related to 'CoreGraphics' and
'FreeType' (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128,
CVE-2012-1129, CVE-2012-1130, CVE-2012-1131,
CVE-2012-1132, CVE-2012-1133, CVE-2012-1134,
CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,
CVE-2012-1138, CVE-2012-1139, CVE-2012-1140,
CVE-2012-1141, CVE-2012-1142, CVE-2012-1143,
CVE-2012-1144)

- Numerous issues exist related to libxml and could lead
to application crashes or arbitrary code execution.
(CVE-2011-1944, CVE-2011-2821, CVE-2011-2834,
CVE-2011-3919)

- A stack-based buffer overflow exists related to 'locale
ID' and 'International Components for Unicode' (ICU).
(CVE-2011-4599)

- An uninitialized memory access issue exists related to
'Sorenson' encoded movie files and 'CoreMedia'.
(CVE-2012-3722)

- A URL handling issue exists related to 'CFNetwork'
that can disclose sensitive information. (CVE-2012-3724)

- The 'DNAv4' protocol discloses sensitive information
when connecting to unencrypted WiFi networks.
(CVE-2012-3725)

- A buffer overflow error exists related to 'IPSec' and
'racoon' configuration files. (CVE-2012-3727)

- An invalid pointer dereference error exists related to
the kernel and packet filter ioctls. (CVE-2012-3728)

- An uninitialized memory access error exists related to
the kernel and the Berkeley Packet Filter interpreter.
(CVE-2012-3729)

- Several issues exist related to 'Mail' and the handling
of attachments and 'S/MIME' signed messages.
(CVE-2012-3730, CVE-2012-3731, CVE-2012-3732)

- Information disclosure issues exist related to
'Messages', 'Office Viewer', system logs, and 'UIKit'.
(CVE-2012-3733, CVE-2012-3734, CVE-2012-3743,
CVE-2012-3746)

- Memory corruption errors exist related to 'OpenGL'.
(CVE-2011-3457)

- Numerous errors exist related to 'Passcode Lock'.
(CVE-2012-3735, CVE-2012-3736, CVE-2012-3737,
CVE-2012-3738, CVE-2012-3739, CVE-2012-3740)

- An error exists in 'Restrictions' that could allow
unauthorized purchases. (CVE-2012-3741)

- Errors exist in 'Safari' that are related to misleading
URL characters and password auto complete.
(CVE-2012-3742, CVE-2012-0680)

- A buffer overflow error exists related to 'Telephony'
and SMS handling. (CVE-2012-3745)

- Many errors exist related to the bundled 'WebKit'
components. (CVE-2011-2845, CVE-2011-3016,
CVE-2011-3021, CVE-2011-3027, CVE-2011-3032,
CVE-2011-3034, CVE-2011-3035, CVE-2011-3036,
CVE-2011-3037, CVE-2011-3038, CVE-2011-3039,
CVE-2011-3040, CVE-2011-3041, CVE-2011-3042,
CVE-2011-3043, CVE-2011-3044, CVE-2011-3050,
CVE-2011-3053, CVE-2011-3059, CVE-2011-3060,
CVE-2011-3064, CVE-2011-3067, CVE-2011-3068,
CVE-2011-3069, CVE-2011-3071, CVE-2011-3073,
CVE-2011-3074, CVE-2011-3075, CVE-2011-3076,
CVE-2011-3078, CVE-2011-3081, CVE-2011-3086,
CVE-2011-3089, CVE-2011-3090, CVE-2011-3105,
CVE-2011-3913, CVE-2011-3924, CVE-2011-3926,
CVE-2011-3958, CVE-2011-3966, CVE-2011-3968,
CVE-2011-3969, CVE-2011-3971, CVE-2012-0682,
CVE-2012-0683, CVE-2012-1520, CVE-2012-1521,
CVE-2012-2815, CVE-2012-2818, CVE-2012-3589,
CVE-2012-3590, CVE-2012-3591, CVE-2012-3592,
CVE-2012-3593, CVE-2012-3594, CVE-2012-3595,
CVE-2012-3596, CVE-2012-3597, CVE-2012-3598,
CVE-2012-3599, CVE-2012-3600, CVE-2012-3601,
CVE-2012-3602, CVE-2012-3603, CVE-2012-3604,
CVE-2012-3605, CVE-2012-3608, CVE-2012-3609,
CVE-2012-3610, CVE-2012-3611, CVE-2012-3612,
CVE-2012-3613, CVE-2012-3614, CVE-2012-3615,
CVE-2012-3617, CVE-2012-3618, CVE-2012-3620,
CVE-2012-3624, CVE-2012-3625, CVE-2012-3626,
CVE-2012-3627, CVE-2012-3628, CVE-2012-3629,
CVE-2012-3630, CVE-2012-3631, CVE-2012-3633,
CVE-2012-3634, CVE-2012-3635, CVE-2012-3636,
CVE-2012-3637, CVE-2012-3638, CVE-2012-3639,
CVE-2012-3640, CVE-2012-3641, CVE-2012-3642,
CVE-2012-3644, CVE-2012-3645, CVE-2012-3646,
CVE-2012-3647, CVE-2012-3648, CVE-2012-3650,
CVE-2012-3651, CVE-2012-3652, CVE-2012-3653,
CVE-2012-3655, CVE-2012-3656, CVE-2012-3658,
CVE-2012-3659, CVE-2012-3660, CVE-2012-3661,
CVE-2012-3663, CVE-2012-3664, CVE-2012-3665,
CVE-2012-3666, CVE-2012-3667, CVE-2012-3668,
CVE-2012-3669, CVE-2012-3670, CVE-2012-3671,
CVE-2012-3672, CVE-2012-3673, CVE-2012-3674,
CVE-2012-3676, CVE-2012-3677, CVE-2012-3678,
CVE-2012-3679, CVE-2012-3680, CVE-2012-3681,
CVE-2012-3682, CVE-2012-3683, CVE-2012-3684,
CVE-2012-3686, CVE-2012-3691, CVE-2012-3693,
CVE-2012-3695, CVE-2012-3696, CVE-2012-3703,
CVE-2012-3704, CVE-2012-3706, CVE-2012-3708,
CVE-2012-3710, CVE-2012-3747)

See also :

http://support.apple.com/kb/HT5503
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

Solution :

Apple has released a set of patches for iOS-based devices.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Mobile Devices

Nessus Plugin ID: 62242

Bugtraq ID: 51006
52049
52830
53679
54203
54680
55087
55534
56250
56251
56253
56254
56255
56257
56259
56260
56261
56264
56265
56267
56268
56269
56270
56271
56272
56273
56274
56275
56276
56277
56279
56296
57027

CVE ID: CVE-2011-1167
CVE-2011-1944
CVE-2011-2821
CVE-2011-2834
CVE-2011-2845
CVE-2011-3016
CVE-2011-3021
CVE-2011-3026
CVE-2011-3027
CVE-2011-3032
CVE-2011-3034
CVE-2011-3035
CVE-2011-3036
CVE-2011-3037
CVE-2011-3038
CVE-2011-3039
CVE-2011-3040
CVE-2011-3041
CVE-2011-3042
CVE-2011-3043
CVE-2011-3044
CVE-2011-3048
CVE-2011-3050
CVE-2011-3053
CVE-2011-3059
CVE-2011-3060
CVE-2011-3064
CVE-2011-3067
CVE-2011-3068
CVE-2011-3069
CVE-2011-3071
CVE-2011-3073
CVE-2011-3074
CVE-2011-3075
CVE-2011-3076
CVE-2011-3078
CVE-2011-3081
CVE-2011-3086
CVE-2011-3089
CVE-2011-3090
CVE-2011-3105
CVE-2011-3328
CVE-2011-3457
CVE-2011-3913
CVE-2011-3919
CVE-2011-3924
CVE-2011-3926
CVE-2011-3958
CVE-2011-3966
CVE-2011-3968
CVE-2011-3969
CVE-2011-3971
CVE-2011-4599
CVE-2012-0680
CVE-2012-0682
CVE-2012-0683
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
CVE-2012-1173
CVE-2012-1520
CVE-2012-1521
CVE-2012-2815
CVE-2012-2818
CVE-2012-3589
CVE-2012-3590
CVE-2012-3591
CVE-2012-3592
CVE-2012-3593
CVE-2012-3594
CVE-2012-3595
CVE-2012-3596
CVE-2012-3597
CVE-2012-3598
CVE-2012-3599
CVE-2012-3600
CVE-2012-3601
CVE-2012-3602
CVE-2012-3603
CVE-2012-3604
CVE-2012-3605
CVE-2012-3608
CVE-2012-3609
CVE-2012-3610
CVE-2012-3611
CVE-2012-3612
CVE-2012-3613
CVE-2012-3614
CVE-2012-3615
CVE-2012-3617
CVE-2012-3618
CVE-2012-3620
CVE-2012-3624
CVE-2012-3625
CVE-2012-3626
CVE-2012-3627
CVE-2012-3628
CVE-2012-3629
CVE-2012-3630
CVE-2012-3631
CVE-2012-3633
CVE-2012-3634
CVE-2012-3635
CVE-2012-3636
CVE-2012-3637
CVE-2012-3638
CVE-2012-3639
CVE-2012-3640
CVE-2012-3641
CVE-2012-3642
CVE-2012-3644
CVE-2012-3645
CVE-2012-3646
CVE-2012-3647
CVE-2012-3648
CVE-2012-3650
CVE-2012-3651
CVE-2012-3652
CVE-2012-3653
CVE-2012-3655
CVE-2012-3656
CVE-2012-3658
CVE-2012-3659
CVE-2012-3660
CVE-2012-3661
CVE-2012-3663
CVE-2012-3664
CVE-2012-3665
CVE-2012-3666
CVE-2012-3667
CVE-2012-3668
CVE-2012-3669
CVE-2012-3670
CVE-2012-3671
CVE-2012-3672
CVE-2012-3673
CVE-2012-3674
CVE-2012-3676
CVE-2012-3677
CVE-2012-3678
CVE-2012-3679
CVE-2012-3680
CVE-2012-3681
CVE-2012-3682
CVE-2012-3683
CVE-2012-3684
CVE-2012-3686
CVE-2012-3691
CVE-2012-3693
CVE-2012-3695
CVE-2012-3696
CVE-2012-3703
CVE-2012-3704
CVE-2012-3706
CVE-2012-3708
CVE-2012-3710
CVE-2012-3722
CVE-2012-3724
CVE-2012-3725
CVE-2012-3726
CVE-2012-3727
CVE-2012-3728
CVE-2012-3729
CVE-2012-3730
CVE-2012-3731
CVE-2012-3732
CVE-2012-3733
CVE-2012-3734
CVE-2012-3735
CVE-2012-3736
CVE-2012-3737
CVE-2012-3738
CVE-2012-3739
CVE-2012-3740
CVE-2012-3741
CVE-2012-3742
CVE-2012-3743
CVE-2012-3744
CVE-2012-3745
CVE-2012-3746
CVE-2012-3747