Apple iOS < 8.4 Multiple Vulnerabilities (Logjam)

High Nessus Plugin ID 84490

Synopsis

The version of iOS running on the mobile device is affected by multiple vulnerabilities.

Description

The mobile device is running a version of iOS prior to version 8.4. It is, therefore, affected by vulnerabilities in the following components :

- Application Store
- Certificate Trust Policy
- CFNetwork HTTPAuthentication
- CoreGraphics
- CoreText
- coreTLS
- DiskImages
- FontParser
- ImageIO
- Kernel
- Mail
- MobileInstallation
- Safari
- Security
- SQLite
- Telephony
- WebKit
- WiFi Connectivity

Solution

Upgrade to Apple iOS version 8.4 or later.

See Also

http://www.nessus.org/u?26c23cd2

https://support.apple.com/en-us/HT204941

Plugin Details

Severity: High

ID: 84490

File Name: apple_ios_84_check.nbin

Version: $Revision: 1.40 $

Type: local

Published: 2015/07/01

Modified: 2018/05/21

Dependencies: 60033

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Required KB Items: mdm/dependency/unlocked

Patch Publication Date: 2015/06/30

Vulnerability Publication Date: 2015/06/30

Reference Information

CVE: CVE-2013-1741, CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-1152, CVE-2015-1153, CVE-2015-1155, CVE-2015-1156, CVE-2015-1157, CVE-2015-3658, CVE-2015-3659, CVE-2015-3684, CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-3689, CVE-2015-3690, CVE-2015-3694, CVE-2015-3703, CVE-2015-3710, CVE-2015-3717, CVE-2015-3719, CVE-2015-3721, CVE-2015-3722, CVE-2015-3723, CVE-2015-3724, CVE-2015-3725, CVE-2015-3726, CVE-2015-3727, CVE-2015-3728, CVE-2015-4000

BID: 63736, 72323, 72326, 72352, 72353, 74523, 74524, 74525, 74527, 74733

APPLE-SA: APPLE-SA-2015-06-30-1