Apple iOS < 6.1 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6679
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities :

- An error related to 'EUC-JP' encoding could allow cross-site scripting attacks. (CVE-2011-3058)
- An out-of-bounds read error exists, related to 802.11i information handling, that could allow remote attackers to disable Wi-Fi. (CVE-2012-2619)
- An error exists related to certificate-based 'Apple ID' authentication that could allow improper trust extension. (CVE-2013-0963)
- An error exists related to the 'copyin' and 'copyout' functions that could allow a user-mode process to access the first page of kernel memory. (CVE-2013-0964)
- An error exists related to Mobile Safari preferences that could improperly allow JavaScript to be enabled after a user has disabled it. (CVE-2013-0974)
- Many errors exist related to the bundled 'WebKit' components. (CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2012-3606, CVE-2012-3607, CVE-2012-3621, CVE-2012-3632, CVE-2012-3687, CVE-2012-3701, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0962, CVE-2013-0968)
- Two intermediate certificates, improperly issued by TURKTRUST certificate authority, are incorrectly trusted.

Solution

Upgrade to Apple iOS 6.1 or later.

See Also

http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html

http://support.apple.com/kb/HT5642

Plugin Details

Severity: High

ID: 6679

Published: 1/30/2013

Updated: 3/6/2019

Dependencies: 8637

Nessus ID: 64287

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Patch Publication Date: 1/28/2013

Vulnerability Publication Date: 1/28/2013

Reference Information

CVE: CVE-2012-2824, CVE-2012-2857, CVE-2013-0952, CVE-2013-0959, CVE-2012-2619, CVE-2013-0962, CVE-2013-0951, CVE-2013-0954, CVE-2013-0964, CVE-2013-0949, CVE-2011-3058, CVE-2013-0955, CVE-2012-2889, CVE-2013-0948, CVE-2013-0950, CVE-2013-0953, CVE-2013-0956, CVE-2013-0958, CVE-2013-0968, CVE-2013-0963, CVE-2012-3606, CVE-2012-3607, CVE-2012-3621, CVE-2012-3632, CVE-2012-3687, CVE-2012-3701, CVE-2013-0974

BID: 54203, 55534, 54749, 55676, 52762, 57576, 57580, 57581, 57582, 57583, 57584, 57585, 57586, 57587, 57588, 57589, 57590, 56184, 57591, 57595, 57597, 57598