Apple iOS 7.x < 7.0.3 Multiple Vulnerabilities

Low

Synopsis

The remote host is running a version of iOS that is missing security updates.

Description

The remote host is an iPhone, iPod Touch, or iPad running a version of iOS that is older than version 7.0.3, which means it may be missing updates for the following vulnerabilities:

- A null dereferencing at the lock screen could allow someone to bypass the lock to make calls to any phone number. (CVE-2013-5144)

- Passcode entry may be visible when it should not be, and this may allow an attacker with physical access to brute force the passcode. (CVE-2013-5162)

- A race condition may inadvertently allow access to the Contacts pane while the phone is locked. (CVE-2013-5164)

Solution

Upgrade to iOS 7.0.3 or later.