Apple iOS < 12.4.1 Use-After-Free (SockPuppet)

Medium Nessus Network Monitor Plugin ID 701155

Synopsis

Apple iDevices running iOS 11.0 through 12.4 (excluding 12.3, 12.3.1 and iOS 13.0) are affected by a use-after-free vulnerability.

Description

Apple iDevices running iOS 11.0 through 12.4 (excluding 12.3, 12.3.1 and iOS 13.0) are affected by a use-after-free vulnerability. Affected devices are not only capable of being jailbroken, but can also be exploited by attackers.

Solution

Upgrade to Apple iOS version 12.4.1 or later. If 12.4.1 is not avaialble, 12.3, 12.3.1 and iOS 13.0 beta are currently considered not vulnerable and if users are running any of these versions, they are advised to remain on them until the 12.4.1 patch is available.

See Also

https://www.vice.com/en_us/article/qvgp77/hacker-releases-first-public-iphone-jailbreak-in-years

https://support.apple.com/en-us/HT210549

Plugin Details

Severity: Medium

ID: 701155

Published: 2019/09/20

Updated: 2019/09/20

Dependencies: 8637

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.4

Temporal Score: 7.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Patch Publication Date: 2019/09/20

Vulnerability Publication Date: 2019/09/18

Reference Information

CVE: CVE-2019-8605

BID: 108481