Apple iOS < 6.0.1 Multiple Vulnerabilities

High

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities :

- Kernel extension API responses containing an 'OSBundleMachOHeaders' key may include kernel addresses which can aid in further attacks. (CVE-2012-3749) - The lock screen can provide 'Passbook' data to an attacker having physical device access but not a passcode. (CVE-2012-3750) - A 'time-of-check-to-time-of-use' issue in the handling of JavaScript array data within WebKit could lead to arbitrary, remote code execution. (CVE-2012-3748) - A use-after-free issue in the handling of SVG images in WebKit could lead to arbitrary, remote code execution. (CVE-2012-5112)

Solution

Upgrade to Apple iOS 6.0.1 or later.