Apple iOS < 1.1.4 DoS

High Nessus Network Monitor Plugin ID 4425

Synopsis

The remote mobile host is vulnerable to a denial of service (DoS) attack.

Description

Versions of Apple iOS prior to 1.1.4 use a vulnerable build of the Apple Webkit prior to 420.1, which is affected by a denial of service vulnerability. This flaw exists because of the way the Safari browser handles memory. Specifically, when all memory has been utilized by the browser, it will attempt to close all inactive documents. In the process of closing these documents, a kernel panic and ensuing crash occurs. An attacker exploiting this flaw would need to be able to entice an iOS user to browse to a malicious web server. Successful exploitation would result in the device crashing.

Solution

Upgrade to iOS version 1.1.4 or higher.

See Also

http://www.securityfocus.com/archive/1/487607/30/0/threaded

Plugin Details

Severity: High

ID: 4425

File Name: 4425.prm

Published: 2008/03/14

Modified: 2016/12/09

Dependencies: 4134

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.1

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 5.8

Temporal Score: 5.6

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Patch Publication Date: 2008/02/12

Vulnerability Publication Date: 2008/02/12

Reference Information

CVE: CVE-2008-0729

BID: 27442

OSVDB: 43229