Apple iOS < 6.0.1 Multiple Vulnerabilities

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

Report iOS devices older than 6.0.1.

Description :

The mobile device is running a version of iOS that is older than
version 6.0.1. This version contains security-related fixes for the
following issues :

- Kernel extension API responses containing
an 'OSBundleMachOHeaders' key may include kernel
addresses, which can aid in further attacks.

- The lock screen can provide 'Passbook' data to an
attacker having physical device access but not a
passcode. (CVE-2012-3750)

- A time-of-check-to-time-of-use issue in the handling
of JavaScript array in WebKit could lead to arbitrary,
remote code execution. (CVE-2012-3748)

- A use-after-free issue in the handling of SVG images
in WebKit code could lead to arbitrary, remote code
execution. (CVE-2012-5112)

See also :

Solution :

Apple has released a set of patches for iOS-based devices.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Mobile Devices

Nessus Plugin ID: 62803 ()

Bugtraq ID: 55867

CVE ID: CVE-2012-3748