Apple iOS < 6.0.1 Multiple Vulnerabilities

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is an iPhone, iPod Touch, or iPad running iOS.

Versions of iOS earlier than 6.0.1 are potentially affected by multiple vulnerabilities. Apple iOS 6.0.1 contains security fixes for the following issues:

- Kernel extension API responses containing an 'OSBundleMachOHeaders' key may include kernel addresses, which can aid in further attacks. (CVE-2012-3749)

- The lock screen can provide 'Passbook' data to an attacker who has physical access to the device but not the passcode. (CVE-2012-3750)

- A time-of-check-to-time-of-use issue in the handling of JavaScript arrays in WebKit could lead to arbitrary remote code execution. (CVE-2012-3748)

- A use-after-free issue in the handling of SVG images in WebKit could lead to arbitrary remote code execution. (CVE-2012-5112)

Solution

Upgrade to iOS 6.0.1 or later.