Apple iOS < 5.0 Multiple Vulnerabilities (BEAST)

Critical Nessus Plugin ID 60026


VPR Score: 7.4

Synopsis

Reports iOS devices running a version older than 5.0.

Description

The mobile device is running a version of iOS prior to version 5.0. Version 5.0 contains numerous security-related fixes for the following vulnerabilities:

- Apple iOS Calendar Synchronization SSL Certificate Validation Information Disclosure Vulnerability (CVE-2011-3253)

- Apple iOS Calendar Cross-Site Scripting Vulnerability (CVE-2011-3254)

- Apple iOS CFNetwork Information Disclosure Vulnerability (CVE-2011-3255)

- Apple iOS and Mac OS X CFNetwork Cross Domain Information Disclosure Vulnerability (CVE-2011-3246)

- Apple Mac OS X CoreFoundation Memory Corruption Vulnerability (CVE-2011-0259)

- FreeType Font Document Multiple Memory Corruption Vulnerabilities (CVE-2011-3256)

- Apple Mac OS X QuickTime Cross-Domain Information Disclosure Vulnerability (CVE-2011-0187)

- Apple iOS Mail Cookie Synchronization Validation Information Disclosure Vulnerability (CVE-2011-3257)

- An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389)

- Opera Web Browser Information Disclosure Vulnerability

- Apple iOS Home Screen Information Disclosure Vulnerability (CVE-2011-3431)

- libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability (CVE-2011-0192)

- Apple Safari ImageIO TIFF Image Handling Heap Buffer Overflow Vulnerability (CVE-2011-0241)

- Apple Mac OS X ICU Buffer Overflow Vulnerability (CVE-2011-0206)

- Apple Kernel TCP Exhaustion Denial of Service Vulnerability (CVE-2011-3259)

- Apple Mac OS X IPV6 Socket Options Denial of Service Vulnerability (CVE-2011-1132)

- Apple iOS Keyboard Information Disclosure Vulnerability (CVE-2011-3245)

- Apple Safari 'libxml' Remote Code Execution Vulnerability (CVE-2011-0216)

- Apple iPhone/iPad/iPod Touch prior to iOS 5 Buffer Overflow Vulnerability (CVE-2011-3260)

- Apple iPhone/iPad/iPod Touch prior to iOS 5 Remote Code Execution Vulnerability (CVE-2011-3261)

- Apple Mac OS X QuickLook Office File Memory Corruption Vulnerability (CVE-2011-0208)

- Apple Mac OS X QuickLook Remote Code Execution Vulnerability (CVE-2011-0184)

- Apple iPhone/iPad/iPod Touch 'Content-Disposition' Header Cross-Site Scripting Vulnerability (CVE-2011-3246)

- Apple iOS Parental Restrictions Passcode Information Disclosure Vulnerability (CVE-2011-3249)

- Apple iOS Insecure Misleading UI Insecure Configuration Weakness (CVE-2011-3430)

- Apple iOS Remote Denial of Service Vulnerability (CVE-2011-3432)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0218)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0221)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0222)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0225)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0232)

- WebKit FrameOwner Element Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0233)

- WebKit Malformed XHTML Tags Use-After-Free Memory Corruption Vulnerability (CVE-2011-0234)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0235)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0238)

- WebKit 'NamedNodeMap.cpp' Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0254)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0255)

- Google Chrome prior to 9.0.597.94 Multiple Security Vulnerabilities (CVE-2011-0981)

- Google Chrome prior to 9.0.597.107 Multiple Security Vulnerabilities (CVE-2011-1109)

- Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities (CVE-2011-1188)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1288)

- Google Chrome prior to 10.0.648.204 Multiple Security Vulnerabilities (CVE-2011-1293)

- Google Chrome prior to 11.0.696.57 Multiple Security Vulnerabilities (CVE-2011-1449)

- WebKit MathML Tags Use-After-Free Remote Code Execution Vulnerability

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1453)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1457)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1462)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1797)

- WebKit Multiple Unspecified Remote Code Execution Vulnerabilities (CVE-2011-2338)

- WebKit Style Sheet Elements Remote Code Execution Vulnerability (CVE-2011-2341)

- Google Chrome Prior to 12.0.742.112 Multiple Security Vulnerabilities (CVE-2011-2351)

- Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities (CVE-2011-2359)

- Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities (CVE-2011-2823)

- Mozilla Firefox/Thunderbird/SeaMonkey YARR Remote Code Execution Vulnerability (CVE-2011-3232)

- Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities (CVE-2011-3234)

- WebKit Embedded URL Cross Domain Scripting Vulnerability (CVE-2011-0242)

- WebKit Address Bar URI Spoofing Vulnerability (CVE-2011-1107)

- WebKit 'libxslt' Remote Code Execution Vulnerability (CVE-2011-1774)

- WebKit 'HTML5' Drag and Drop Cross-Origin Information Disclosure Vulnerability (CVE-2011-0166)

- WebKit Inactive DOM Windows Cross Domain Scripting Vulnerability (CVE-2011-3243)

- Apple iOS WiFi Credentials Information Disclosure Vulnerability (CVE-2011-3234)

Solution

Apple has released a set of patches for your iOS-based device.

See Also

https://support.apple.com/en-us/HT202349

https://www.imperialviolet.org/2011/09/23/chromeandbeast.html

https://www.openssl.org/~bodo/tls-cbc.txt

Plugin Details

Severity: Critical

ID: 60026

File Name: apple_ios_50_check.nbin

Version: 1.81

Type: local

Published: 2012/06/19

Updated: 2020/09/14

Dependencies: 60033

Risk Information

Risk Factor: Critical

VPR Score: 7.4

CVSS Score Source: CVE-2011-0983

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Required KB Items: mdm/dependency/unlocked

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/05/31

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (Apple Safari Webkit libxslt Arbitrary File Creation)

ExploitHub (EH-11-678)

Reference Information

CVE: CVE-2011-0166, CVE-2011-0184, CVE-2011-0187, CVE-2011-0192, CVE-2011-0206, CVE-2011-0208, CVE-2011-0216, CVE-2011-0218, CVE-2011-0221, CVE-2011-0222, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0238, CVE-2011-0241, CVE-2011-0242, CVE-2011-0254, CVE-2011-0255, CVE-2011-0259, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1132, CVE-2011-1188, CVE-2011-1190, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1295, CVE-2011-1296, CVE-2011-1449, CVE-2011-1451, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1774, CVE-2011-1797, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2351, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2359, CVE-2011-2788, CVE-2011-2790, CVE-2011-2792, CVE-2011-2797, CVE-2011-2799, CVE-2011-2800, CVE-2011-2805, CVE-2011-2809, CVE-2011-2813, CVE-2011-2814, CVE-2011-2816, CVE-2011-2817, CVE-2011-2818, CVE-2011-2819, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827, CVE-2011-2831, CVE-2011-3232, CVE-2011-3234, CVE-2011-3235, CVE-2011-3236, CVE-2011-3237, CVE-2011-3243, CVE-2011-3244, CVE-2011-3245, CVE-2011-3246, CVE-2011-3253, CVE-2011-3254, CVE-2011-3255, CVE-2011-3256, CVE-2011-3257, CVE-2011-3259, CVE-2011-3260, CVE-2011-3261, CVE-2011-3389, CVE-2011-3426, CVE-2011-3427, CVE-2011-3429, CVE-2011-3430, CVE-2011-3431, CVE-2011-3432, CVE-2011-3434

BID: 46262, 46614, 46658, 46785, 46811, 46965, 46992, 47020, 47029, 47604, 48422, 48429, 48440, 48479, 48823, 48824, 48832, 48833, 48840, 48842, 48843, 48844, 48845, 48846, 48847, 48848, 48850, 48852, 48853, 48854, 48855, 48856, 48857, 48858, 48859, 48960, 49279, 49388, 49658, 49778, 49850, 50066, 50067, 50087, 50088, 50115, 50123, 50124, 50143, 50147, 50149, 50151, 50152, 50154, 50155, 50156, 50157, 50158, 50159, 50161, 51032

CERT: 864643