Apple iOS < 5.0 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 6041

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

According to its banner, the remote Apple iOS device is missing a security update. Versions of Apple iOS 3.0 through 4.3.5 are affected by vulnerabilities within the following components :

- CalDAV
- Calendar
- CFNetwork
- CoreFoundation
- CoreGraphics
- CoreMedia
- Data Access - Data Security
- Home security
- ImageIO
- Kernel
- Keyboards
- libxml
- OfficeImport
- Safari
- Settings
- UIKit Alerts
- WebKit
- WiFi

Solution

Upgrade to Apple iOS 5.0 or later.

See Also

http://support.apple.com/kb/HT4999

http://lists.apple.com/archives/security-announce//2011/Oct/msg00001.html

Plugin Details

Severity: High

ID: 6041

Published: 2011/10/12

Updated: 2019/03/06

Dependencies: 8637

Nessus ID: 60026

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Patch Publication Date: 2011/10/12

Vulnerability Publication Date: 2011/10/12

Exploitable With

CANVAS (White_Phosphorus)

Metasploit (Apple Safari Webkit libxslt Arbitrary File Creation)

Reference Information

CVE: CVE-2011-0166, CVE-2011-0184, CVE-2011-0187, CVE-2011-0192, CVE-2011-0206, CVE-2011-0208, CVE-2011-0216, CVE-2011-0218, CVE-2011-0222, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0238, CVE-2011-0241, CVE-2011-0242, CVE-2011-0254, CVE-2011-0255, CVE-2011-0259, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117, CVE-2011-1121, CVE-2011-1132, CVE-2011-1188, CVE-2011-1190, CVE-2011-1203, CVE-2011-1204, CVE-2011-1288, CVE-2011-1293, CVE-2011-1295, CVE-2011-1296, CVE-2011-1449, CVE-2011-1451, CVE-2011-1453, CVE-2011-1457, CVE-2011-1462, CVE-2011-1774, CVE-2011-1797, CVE-2011-2338, CVE-2011-2339, CVE-2011-2341, CVE-2011-2351, CVE-2011-2352, CVE-2011-2354, CVE-2011-2356, CVE-2011-2359, CVE-2011-2788, CVE-2011-2790, CVE-2011-2792, CVE-2011-2797, CVE-2011-2799, CVE-2011-2800, CVE-2011-2805, CVE-2011-2809, CVE-2011-2813, CVE-2011-2814, CVE-2011-2816, CVE-2011-2817, CVE-2011-2818, CVE-2011-2819, CVE-2011-2820, CVE-2011-2823, CVE-2011-2827, CVE-2011-2831, CVE-2011-3232, CVE-2011-3234, CVE-2011-3235, CVE-2011-3236, CVE-2011-3237, CVE-2011-3243, CVE-2011-3244, CVE-2011-3245, CVE-2011-3246, CVE-2011-3253, CVE-2011-3254, CVE-2011-3255, CVE-2011-3256, CVE-2011-3257, CVE-2011-3259, CVE-2011-3260, CVE-2011-3261, CVE-2011-3389, CVE-2011-3426, CVE-2011-3427, CVE-2011-3429, CVE-2011-3430, CVE-2011-3431, CVE-2011-3432, CVE-2011-3434

BID: 46262, 46811, 46965, 46992, 46658, 47020, 48422, 48429, 48440, 48823, 48824, 48832, 48833, 48840, 48842, 48844, 48845, 48846, 48847, 48848, 48852, 48853, 48854, 48855, 48856, 48857, 48858, 48859, 49658, 49778, 49850, 50066, 50067, 50086, 50087, 50088, 50115, 50123, 50124, 50143, 50147, 50149, 50151, 50152, 50154, 50155, 50156, 50157, 50158, 50159, 50161

IAVA: 2012-A-0073, 2012-A-0153

IAVB: 2012-B-0006