icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Apple iOS < 6.0.1 Multiple Vulnerabilities

High

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities :

- Kernel extension API responses containing an 'OSBundleMachOHeaders' key may include kernel addresses which can aid in further attacks. (CVE-2012-3749) - The lock screen can provide 'Passbook' data to an attacker having physical device access but not a passcode. (CVE-2012-3750) - A 'time-of-check-to-time-of-use' issue in the handling of JavaScript array data within WebKit could lead to arbitrary, remote code execution. (CVE-2012-3748) - A use-after-free issue in the handling of SVG images in WebKit could lead to arbitrary, remote code execution. (CVE-2012-5112)

Solution

Upgrade to Apple iOS 6.0.1 or later.