Apple iOS < 9.0 Multiple Vulnerabilities

critical Nessus Plugin ID 85987

Synopsis

The version of iOS running on the mobile device is affected by multiple vulnerabilities.

Description

The mobile device is running a version of iOS prior to version 9.0. It is, therefore, affected by vulnerabilities in the following components :

- Apple Pay
- AppleKeyStore
- Application Store
- Audio
- Certificate Trust Policy
- CFNetwork
- CFNetwork Cookies
- CFNetwork FTPProtocol
- CFNetwork Proxies
- CFNetwork SSL
- CommonCrypto
- CoreAnimation
- CoreCrypto
- CoreText
- Data Detectors Engine
- Dev Tools
- Disk Images
- dyld
- Game Center
- ICU
- IOAcceleratorFamily
- IOHIDFamily
- IOKit
- IOMobileFrameBuffer
- IOStorageFamily
- iTunes Store
- JavaScriptCore
- Kernel
- libc
- libpthread
- Mail
- Multipeer Connectivity
- NetworkExtension
- OpenSSL
- PluginKit
- removefile
- Safari
- Safari Safe Browsing
- Security
- Siri
- SpringBoard
- SQLite
- tidy
- WebKit
- WebKit Canvas
- WebKit Page Loading

Solution

Upgrade to Apple iOS version 9.0 or later.

See Also

https://support.apple.com/en-us/HT205212

Plugin Details

Severity: Critical

ID: 85987

File Name: apple_ios_90_check.nbin

Version: 1.90

Type: local

Published: 9/17/2015

Updated: 3/8/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-5903

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Required KB Items: mdm/dependency/unlocked

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/16/2015

Vulnerability Publication Date: 9/16/2015

Reference Information

CVE: CVE-2013-3951, CVE-2014-8146, CVE-2014-8611, CVE-2015-0286, CVE-2015-0287, CVE-2015-1129, CVE-2015-1205, CVE-2015-3801, CVE-2015-5522, CVE-2015-5523, CVE-2015-5748, CVE-2015-5764, CVE-2015-5765, CVE-2015-5767, CVE-2015-5788, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5820, CVE-2015-5821, CVE-2015-5822, CVE-2015-5823, CVE-2015-5824, CVE-2015-5825, CVE-2015-5826, CVE-2015-5827, CVE-2015-5829, CVE-2015-5831, CVE-2015-5832, CVE-2015-5834, CVE-2015-5835, CVE-2015-5837, CVE-2015-5838, CVE-2015-5839, CVE-2015-5840, CVE-2015-5841, CVE-2015-5842, CVE-2015-5843, CVE-2015-5844, CVE-2015-5845, CVE-2015-5846, CVE-2015-5847, CVE-2015-5848, CVE-2015-5850, CVE-2015-5851, CVE-2015-5855, CVE-2015-5856, CVE-2015-5857, CVE-2015-5858, CVE-2015-5859, CVE-2015-5860, CVE-2015-5861, CVE-2015-5862, CVE-2015-5863, CVE-2015-5867, CVE-2015-5868, CVE-2015-5869, CVE-2015-5874, CVE-2015-5876, CVE-2015-5879, CVE-2015-5880, CVE-2015-5882, CVE-2015-5885, CVE-2015-5892, CVE-2015-5895, CVE-2015-5896, CVE-2015-5898, CVE-2015-5899, CVE-2015-5903, CVE-2015-5904, CVE-2015-5905, CVE-2015-5906, CVE-2015-5907, CVE-2015-5912, CVE-2015-5916, CVE-2015-5921

BID: 60440, 71621, 72288, 73225, 73227, 73976, 74457, 75037, 76340, 76763, 76764, 76766

APPLE-SA: APPLE-SA-2015-09-16-1