Apple iOS < 9.3.4 IOMobileFrameBuffer Arbitrary Code Execution

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The version of iOS running on the mobile device is affected by an
arbitrary code execution vulnerability.

Description :

The version of iOS running on the mobile device is prior to 9.3.4. It
is, therefore, affected by an arbitrary code execution vulnerability
in the IOMobileFrameBuffer component due to improper validation of
user-supplied input. A local attacker can exploit this to corrupt
memory, resulting in a denial of service condition or the execution of
arbitrary code.

See also :

http://www.nessus.org/u?c400269a
https://support.apple.com/en-us/HT207026

Solution :

Upgrade to Apple iOS version 9.3.4 or later.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

Family: Mobile Devices

Nessus Plugin ID: 92844 ()

Bugtraq ID: 92338

CVE ID: CVE-2016-4654

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now