Apple iOS < 6.1.3 Multiple Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

Report iOS devices older than 6.1.3.

Description :

The mobile device is running a version of iOS that is older than
version 6.1.3. This version contains security-related fixes for the
following issues :

- A state management error exists related to 'Mach-O'
files and overlapping segments that could allow
execution of unsigned code. (CVE-2013-0977)

- An error exists related to the ARM prefetch abort
handler that could allow disclosure of sensitive
information. (CVE-2013-0978)

- An error exists related to 'lockdownd' and file
permission restrictions. (CVE-2013-0979)

- An error exists related to screen locking that could
allow unauthorized access. (CVE-2013-0980)

- An error exists related to the IOUSBDeviceFamily driver's
use of pipe object pointers that could allow execution of
arbitrary code. (CVE-2013-0981)

- A variable casting error exists related to the bundled
'WebKit' component and SVG handling. (CVE-2013-0912)

See also :

http://support.apple.com/kb/HT5704
http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html

Solution :

Apple has released a set of patches for iOS-based devices.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Mobile Devices

Nessus Plugin ID: 65633

Bugtraq ID: 57967, 57990, 58586, 58588, 58589, 58590

CVE ID: CVE-2013-0912, CVE-2013-0977, CVE-2013-0978, CVE-2013-0979, CVE-2013-0980, CVE-2013-0981