106692

https://support.apple.com/HT209443

https://support.apple.com/HT209449

The version of Apple iOS running on the mobile device is prior to 12.1.3. It is, therefore, affected by multiple vulnerabilities:

 - Multiple unspecified vulnerabilities in WebKit can lead to arbitrary code execution if a user is enticed to visit a malicious web page. (CVE-2019-6227, CVE-2019-6233, CVE-2019-6234)

 - A maliciously crafted SQL query could lead to arbitrary code execution. (CVE-2018-20346, CVE-2018-20505, CVE-2018-20506)

 - A malicious application could lead to arbitrary code execution with kernel privileges. (CVE-2019-6218)

Additionally several other vulnerabilities exist, the highest of which could allow an attacker to perform a remote code execution attack by enticing a user to view malicious web content.

The version of Apple Safari installed on the remote host is prior to 12.0.3. It is, therefore, affected by the following vulnerabilities :

 - Input-validation errors exist that allow memory corruption leading to arbitrary code execution. (CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6233, CVE-2019-6234)

 - Input-validation errors exist that allow an attacker to perform cross-site scripting attacks. (CVE-2019-6228, CVE-2019-6228)

Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 12.0.3. It is, therefore, affected by the following vulnerabilities :

  - Input-validation errors exist that allow memory     corruption leading to arbitrary code execution.
    (CVE-2019-6212, CVE-2019-6215, CVE-2019-6216,     CVE-2019-6217, CVE-2019-6226, CVE-2019-6227,     CVE-2019-6233, CVE-2019-6234)

  - Input-validation errors exist that allow an attacker to     perform cross-site scripting attacks. (CVE-2019-6228,     CVE-2019-6228)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apple iOS running on the mobile device is prior to 12.1.3. It is, therefore, affected by multiple vulnerabilities:

  - Multiple unspecified vulnerabilities in WebKit     can lead to arbitrary code execution if a user     is enticed to visit a malicious web page.
    (CVE-2019-6227, CVE-2019-6233, CVE-2019-6234)

  - A maliciously crafted SQL query could lead to     arbitrary code execution.
    (CVE-2018-20346, CVE-2018-20505,     CVE-2018-20506)

  - A malicious application could lead to arbitrary     code execution with kernel privileges.
    (CVE-2019-6218)

Additionally several other vulnerabilities exist, the highest of which could allow an attacker to perform a remote code execution attack by enticing a user to view malicious web content.

ID	Name	Product	Family	Severity
700556	Apple iOS < 12.1.3 Multiple Vulnerabilities (APPLE-SA-2019-1-22-1)	Nessus Network Monitor	Mobile Devices	medium
700508	Apple Safari < 12.0.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
121388	macOS : Apple Safari < 12.0.3 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
121331	Apple iOS < 12.1.3 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2019-6228

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

medium

high

high

high