Apple iOS < 10.0.1 Kernel Memory Information Disclosure (Trident)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The version of iOS running on the mobile device is affected by an
information disclosure vulnerability.

Description :

The version of iOS running on the mobile device is prior to 10.0.1. It
is, therefore, affected by an information disclosure vulnerability in
the kernel due to improper sanitization of user-supplied input. An
unauthenticated, remote attacker can exploit this, by convincing a
user to run a specially crafted application, to disclose sensitive
information from kernel memory.

This vulnerability is one of three zero day vulnerabilities disclosed
on 2016/08/25 and is known to be used by the NSO Group's spyware
product Pegasus.

See also :

https://support.apple.com/en-us/HT207145
http://www.nessus.org/u?cf289f5e
http://www.nessus.org/u?c884d592
http://www.nessus.org/u?ce3ddb00

Solution :

Upgrade to Apple iOS version 10.0.1 or later.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N)

Family: Mobile Devices

Nessus Plugin ID: 93525 ()

Bugtraq ID: 92651
92965

CVE ID: CVE-2016-4655

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now