Apple iOS 7.x < 7.0.3 Multiple Vulnerabilities

Low

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities :

- A NULL de-referencing at the lock screen could allow someone to bypass the lock to make calls to any phone number. (CVE-2013-5144) - A passcode entry may be visible when it should not be, and this may allow an attacker with physical access to brute force the passcode. (CVE-2013-5162) - A race condition may inadvertently allow access to the Contacts pane while the phone is locked. (CVE-2013-5164)

Solution

Upgrade to Apple iOS 7.0.3 or later.