Detections
Analytics

Apple iOS < 18.4 Multiple Vulnerabilities (122371)

critical Nessus Plugin ID 233571

Language:

Version 1.20

Nov 14, 2025, 8:44 AM

  • CVE (set "CVE" coverage to "CVE-2024-9681,CVE-2024-48958,CVE-2024-56171,CVE-2025-24095,CVE-2025-24097,CVE-2025-24113,CVE-2025-24163,CVE-2025-24167,CVE-2025-24173,CVE-2025-24178,CVE-2025-24180,CVE-2025-24182,CVE-2025-24190,CVE-2025-24192,CVE-2025-24193,CVE-2025-24194,CVE-2025-24198,CVE-2025-24202,CVE-2025-24203,CVE-2025-24205,CVE-2025-24206,CVE-2025-24208,CVE-2025-24209,CVE-2025-24210,CVE-2025-24211,CVE-2025-24212,CVE-2025-24214,CVE-2025-24216,CVE-2025-24217,CVE-2025-24220,CVE-2025-24221,CVE-2025-24230,CVE-2025-24237,CVE-2025-24238,CVE-2025-24243,CVE-2025-24244,CVE-2025-24251,CVE-2025-24252,CVE-2025-24257,CVE-2025-24264,CVE-2025-24270,CVE-2025-24271,CVE-2025-24283,CVE-2025-27113,CVE-2025-30425,CVE-2025-30426,CVE-2025-30427,CVE-2025-30428,CVE-2025-30429,CVE-2025-30430,CVE-2025-30432,CVE-2025-30433,CVE-2025-30434,CVE-2025-30436,CVE-2025-30438,CVE-2025-30439,CVE-2025-30445,CVE-2025-30447,CVE-2025-30454,CVE-2025-30456,CVE-2025-30463,CVE-2025-30466,CVE-2025-30467,CVE-2025-30469,CVE-2025-30470,CVE-2025-30471,CVE-2025-31182,CVE-2025-31183,CVE-2025-31184,CVE-2025-31191,CVE-2025-31192,CVE-2025-31196,CVE-2025-31197,CVE-2025-31199,CVE-2025-31202,CVE-2025-31203,CVE-2025-43205")
  • CVSS metrics ("CVSSv2 score" set to 10.0)
  • CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C")
  • CVSS metrics ("CVSSv3 score" set to 9.8)
  • CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")
  • CVSSv2 score source (changed from "CVE-2024-48958" to "CVE-2024-56171")

Plugin Feed: 202511140844

Version 1.19

Nov 3, 2025, 9:25 PM

  • Logic Changes (Corrects handling base64 encoded HTTP cookies)

Plugin Feed: 202511032125

Version 1.18

Oct 27, 2025, 3:15 PM

  • Logic Changes (Gate HTTP debugging behind hidden preference)

Plugin Feed: 202510271515

Version 1.17

Oct 23, 2025, 3:11 AM

  • Logic Changes (Fix HTTP/1 library to make sure it closes unused Keep-Alive connections)

Plugin Feed: 202510230311

Version 1.15

Oct 16, 2025, 4:39 PM

  • Logic Changes (Implement workaround in HTTP library to prevent triggering an engine bug.)

Plugin Feed: 202510161639

Version 1.12

Oct 1, 2025, 9:12 PM

  • Logic Changes (Adding support for user-supplied header added to all HTTP requests.)

Plugin Feed: 202510012112

Version 1.11

Sep 30, 2025, 12:41 AM

  • Logic Changes (Add extra checks to see whether plugins should run. Modernisation of the HTTP/1 library. Various corrections and fixes for CPE related Flatline Test Failures. Remove spurious authentication header.)

Plugin Feed: 202509300041

Version 1.9

Jul 15, 2025, 2:39 AM

  • Logic Changes

Plugin Feed: 202507150239

Version 1.7

May 16, 2025, 6:20 PM

  • IAVM reference

Plugin Feed: 202505161820

Version 1.3

Apr 17, 2025, 5:16 PM

  • IAVM reference

Plugin Feed: 202504171716

Version 1.2

Apr 4, 2025, 9:01 PM

  • IAVM reference
  • STIG Severity (set to "I")

Plugin Feed: 202504042101

Version 1.1

Apr 1, 2025, 12:23 AM

  • New

Plugin Feed: 202504010023

* Changelogs are generally available for changes made after Nov 1, 2022