Apple iOS < 5.0 Multiple Vulnerabilities (BEAST)

High Nessus Plugin ID 60026

Synopsis

Reports iOS devices running a version older than 5.0.

Description

The mobile device is running a version of iOS prior to 5.0. Version 5.0 contains numerous security-related fixes for the following vulnerabilities:

- Apple iOS Calendar Synchronization SSL Certificate Validation Information Disclosure Vulnerability (CVE-2011-3253)

- Apple iOS Calendar Cross-Site Scripting Vulnerability (CVE-2011-3254)

- Apple iOS CFNetwork Information Disclosure Vulnerability (CVE-2011-3255)

- Apple iOS and Mac OS X CFNetwork Cross Domain Information Disclosure Vulnerability (CVE-2011-3246)

- Apple Mac OS X CoreFoundation Memory Corruption Vulnerability (CVE-2011-0259)

- FreeType Font Document Multiple Memory Corruption Vulnerabilities (CVE-2011-3256)

- Apple Mac OS X QuickTime Cross-Domain Information Disclosure Vulnerability (CVE-2011-0187)

- Apple iOS Mail Cookie Synchronization Validation Information Disclosure Vulnerability (CVE-2011-3257)

- An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389)

- Opera Web Browser Information Disclosure Vulnerability

- Apple iOS Home Screen Information Disclosure Vulnerability (CVE-2011-3431)

- libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability (CVE-2011-0192)

- Apple Safari ImageIO TIFF Image Handling Heap Buffer Overflow Vulnerability (CVE-2011-0241)

- Apple Mac OS X ICU Buffer Overflow Vulnerability (CVE-2011-0206)

- Apple Kernel TCP Exhaustion Denial of Service Vulnerability (CVE-2011-3259)

- Apple Mac OS X IPV6 Socket Options Denial of Service Vulnerability (CVE-2011-1132)

- Apple iOS Keyboard Information Disclosure Vulnerability (CVE-2011-3245)

- Apple Safari 'libxml' Remote Code Execution Vulnerability (CVE-2011-0216)

- Apple iPhone/iPad/iPod Touch prior to iOS 5 Buffer Overflow Vulnerability (CVE-2011-3260)

- Apple iPhone/iPad/iPod Touch prior to iOS 5 Remote Code Execution Vulnerability (CVE-2011-3261)

- Apple Mac OS X QuickLook Office File Memory Corruption Vulnerability (CVE-2011-0208)

- Apple Mac OS X QuickLook Remote Code Execution Vulnerability (CVE-2011-0184)

- Apple iPhone/iPad/iPod Touch 'Content-Disposition' Header Cross-Site Scripting Vulnerability (CVE-2011-3246)

- Apple iOS Parental Restrictions Passcode Information Disclosure Vulnerability (CVE-2011-3249)

- Apple iOS Insecure Misleading UI Insecure Configuration Weakness (CVE-2011-3430)

- Apple iOS Remote Denial of Service Vulnerability (CVE-2011-3432)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0218)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0221)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0222)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0225)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0232)

- WebKit FrameOwner Element Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0233)

- WebKit Malformed XHTML Tags Use-After-Free Memory Corruption Vulnerability (CVE-2011-0234)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0235)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0238)

- WebKit 'NamedNodeMap.cpp' Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0254)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0255)

- Google Chrome prior to 9.0.597.94 Multiple Security Vulnerabilities (CVE-2011-0981)

- Google Chrome prior to 9.0.597.107 Multiple Security Vulnerabilities (CVE-2011-1109)

- Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities (CVE-2011-1188)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1288)

- Google Chrome prior to 10.0.648.204 Multiple Security Vulnerabilities (CVE-2011-1293)

- Google Chrome prior to 11.0.696.57 Multiple Security Vulnerabilities (CVE-2011-1449)

- WebKit MathML Tags Use-After-Free Remote Code Execution Vulnerability

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1453)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1457)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1462)

- WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1797)

- WebKit Multiple Unspecified Remote Code Execution Vulnerabilities (CVE-2011-2338)

- WebKit Style Sheet Elements Remote Code Execution Vulnerability (CVE-2011-2341)

- Google Chrome Prior to 12.0.742.112 Multiple Security Vulnerabilities (CVE-2011-2351)

- Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities (CVE-2011-2359)

- Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities (CVE-2011-2823)

- Mozilla Firefox/Thunderbird/SeaMonkey YARR Remote Code Execution Vulnerability (CVE-2011-3232)

- Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities (CVE-2011-3234)

- WebKit Embedded URL Cross Domain Scripting Vulnerability (CVE-2011-0242)

- WebKit Address Bar URI Spoofing Vulnerability (CVE-2011-1107)

- WebKit 'libxslt' Remote Code Execution Vulnerability (CVE-2011-1774)

- WebKit 'HTML5' Drag and Drop Cross-Origin Information Disclosure Vulnerability (CVE-2011-0166)

- WebKit Inactive DOM Windows Cross Domain Scripting Vulnerability (CVE-2011-3243)

- Apple iOS WiFi Credentials Information Disclosure Vulnerability (CVE-2011-3234)

Solution

Apple has released a set of patches for your iOS-based device.

See Also

http://support.apple.com/kb/HT4999

https://www.imperialviolet.org/2011/09/23/chromeandbeast.html

https://www.openssl.org/~bodo/tls-cbc.txt

Plugin Details

Severity: High

ID: 60026

File Name: apple_ios_50_check.nbin

Version: 1.58

Type: local

Published: 2012/06/19

Modified: 2018/08/15

Dependencies: 60033

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Required KB Items: mdm/dependency/unlocked

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/05/31

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (Apple Safari Webkit libxslt Arbitrary File Creation)

ExploitHub (EH-11-678)

Reference Information

CVE: CVE-2011-3253, CVE-2011-3254, CVE-2011-3255, CVE-2011-3246, CVE-2011-0259, CVE-2011-3256, CVE-2011-0187, CVE-2011-3257, CVE-2011-3427, CVE-2011-3389, CVE-2011-3431, CVE-2011-0192, CVE-2011-0241, CVE-2011-0206, CVE-2011-3259, CVE-2011-1132, CVE-2011-3245, CVE-2011-0216, CVE-2011-3260, CVE-2011-3261, CVE-2011-0208, CVE-2011-0184, CVE-2011-3426, CVE-2011-3429, CVE-2011-3430, CVE-2011-3432, CVE-2011-0218, CVE-2011-0221, CVE-2011-0222, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0238, CVE-2011-0254, CVE-2011-0255, CVE-2011-0981, CVE-2011-0983, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1188, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1296, CVE-2011-1449, CVE-2011-1451, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1797, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2351, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2359, CVE-2011-2788, CVE-2011-2790, CVE-2011-2792, CVE-2011-2797, CVE-2011-2799, CVE-2011-2809, CVE-2011-2813, CVE-2011-2814, CVE-2011-2816, CVE-2011-2817, CVE-2011-2818, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827, CVE-2011-2831, CVE-2011-3232, CVE-2011-3234, CVE-2011-3235, CVE-2011-3236, CVE-2011-3237, CVE-2011-3244, CVE-2011-0242, CVE-2011-1295, CVE-2011-1107, CVE-2011-1774, CVE-2011-0166, CVE-2011-1190, CVE-2011-2805, CVE-2011-3243, CVE-2011-2819, CVE-2011-2800, CVE-2011-3434

BID: 50149, 50161, 50143, 50115, 50067, 50155, 46992, 50156, 49778, 49388, 50147, 46658, 48833, 48429, 50087, 48422, 50151, 48832, 50123, 50157, 48440, 46965, 50124, 50152, 50159, 50158, 48842, 48843, 48844, 48845, 48846, 48847, 48823, 48848, 48850, 48852, 48853, 46262, 46614, 46785, 48854, 47029, 47604, 48824, 48855, 48856, 48857, 48858, 50066, 51032, 48479, 48960, 49279, 49850, 49658, 48859, 47020, 48840, 46811, 50088, 50154

CERT: 864643