Apple iOS < 6.0.1 Multiple Vulnerabilities

critical Nessus Plugin ID 62803

Synopsis

Report iOS devices older than 6.0.1.

Description

The mobile device is running a version of iOS that is older than version 6.0.1. This version contains security-related fixes for the following issues :

- Kernel extension API responses containing an 'OSBundleMachOHeaders' key may include kernel addresses, which can aid in further attacks.
(CVE-2012-3749)

- The lock screen can provide 'Passbook' data to an attacker having physical device access but not a passcode. (CVE-2012-3750)

- A time-of-check-to-time-of-use issue in the handling of JavaScript array in WebKit could lead to arbitrary, remote code execution. (CVE-2012-3748)

- A use-after-free issue in the handling of SVG images in WebKit code could lead to arbitrary, remote code execution. (CVE-2012-5112)

Solution

Apple has released a set of patches for iOS-based devices.

See Also

https://support.apple.com/en-us/HT201347

https://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html

Plugin Details

Severity: Critical

ID: 62803

File Name: apple_ios_601_check.nbin

Version: 1.101

Type: local

Published: 11/2/2012

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-5112

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Required KB Items: mdm/dependency/unlocked

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/1/2012

Vulnerability Publication Date: 10/10/2012

Reference Information

CVE: CVE-2012-3748, CVE-2012-3749, CVE-2012-3750, CVE-2012-5112

BID: 55867, 56361, 56362, 56363