Apple iOS < 9.3.5 Multiple Vulnerabilities (Trident)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The version of iOS running on the mobile device is affected by
multiple vulnerabilities.

Description :

The version of iOS running on the mobile device is prior to 9.3.5. It
is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the
kernel due to improper sanitization of user-supplied
input. An unauthenticated, remote attacker can exploit
this, by convincing a user to run a specially crafted
application, to disclose sensitive information from
kernel memory. (CVE-2016-4655)

- A remote code execution vulnerability exists in the
kernel due to a memory corruption issue. An
unauthenticated, remote attacker can exploit this by
convincing a user to run a specially crafted
application, to cause a denial of service condition or
execution of arbitrary code. (CVE-2016-4656)

- A remote code execution vulnerability exists in WebKit
due to a memory corruption issue. An unauthenticated,
remote attacker can exploit this, by convincing a user
to visit a malicious website, to cause a denial of
service condition or execution of arbitrary code.
(CVE-2016-4657)

These three zero day vulnerabilities were disclosed on 2016/08/25 and
are known to be used by the NSO Group's spyware product Pegasus.

See also :

https://support.apple.com/en-us/HT207107
http://www.nessus.org/u?a5d58fa6
http://www.nessus.org/u?c884d592
http://www.nessus.org/u?ce3ddb00

Solution :

Upgrade to Apple iOS version 9.3.5 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Mobile Devices

Nessus Plugin ID: 93124 ()

Bugtraq ID: 92651
92652
92653

CVE ID: CVE-2016-4655
CVE-2016-4656
CVE-2016-4657

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now