icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Apple iOS < 6.1 Multiple Vulnerabilities

High

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities :

- An error related to 'EUC-JP' encoding could allow cross-site scripting attacks. (CVE-2011-3058) - An out-of-bounds read error exists, related to 802.11i information handling, that could allow remote attackers to disable Wi-Fi. (CVE-2012-2619) - An error exists related to certificate-based 'Apple ID' authentication that could allow improper trust extension. (CVE-2013-0963) - An error exists related to the 'copyin' and 'copyout' functions that could allow a user-mode process to access the first page of kernel memory. (CVE-2013-0964) - An error exists related to Mobile Safari preferences that could improperly allow JavaScript to be enabled after a user has disabled it. (CVE-2013-0974) - Many errors exist related to the bundled 'WebKit' components. (CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2012-3606, CVE-2012-3607, CVE-2012-3621, CVE-2012-3632, CVE-2012-3687, CVE-2012-3701, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0962, CVE-2013-0968) - Two intermediate certificates, improperly issued by TURKTRUST certificate authority, are incorrectly trusted.

Solution

Upgrade to Apple iOS 6.1 or later.