Apple iOS < 8.1.3 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 8639

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities :

- Apple iOS is bundled with Apple WebKit. Apple WebKit is affected by several vulnerabilities which would allow a remote attacker to execute arbitrary code or crash the application. (CVE-2014-4476, CVE-2014-4477, CVE-2014-4479, CVE-2014-4459, CVE-2014-4467)
- There is a directory-traversal flaw in the 'afc' component which can allow an attacker to access unintended files. (CVE-2014-4480)
- There is a flaw in the 'mach_port_kobject' kernel interface which can allow an attacker to bypass the ASLR protection mechanism. (CVE-2014-4491, CVE-2014-4496)
- The 'iTunes Store' component allows attackers to bypass Safari sandbox protection mechanisms. (CVE-2014-8840)
- The app-installation functionality in 'MobileInstallation' is vulnerable to a flaw which would allow attackers to gain control of the local app container. (CVE-2014-4493)
- The 'Springboard' module is vulnerable to a signature-bypass vulnerability. (CVE-2014-4494)
- There is an integer overflow in CoreGraphics which allows remote code execution. (CVE-2014-4481)
- There is a buffer overflow in FontParser which allows remote code execution. (CVE-2014-4483)
- There is a flaw in the way that FontParser handles crafted .dfont files which leads to remote code execution. (CVE-2014-4484)
- There is a buffer overflow in the XML parser in the Foundation component. (CVE-2014-4485)
- The IOAcceleratorFamily does not properly handle certain data types which can lead to a NULL pointer dereference. (CVE-2014-4486)
- There is a buffer overflow in the IOHIDFamily component. (CVE-2014-4487)
- The IOHIDFamily component does not properly validate resource-queue metadata, allowing remote code execution. (CVE-2014-4488)
- The IOHIDFamily component fails to properly sanitize event queues. This can lead to remote code execution. (CVE-2014-4489)
- The kernel does not enforce read-only attributes which can allow attackers to bypass access restrictions. (CVE-2014-4495)
- The libnetcore component fails to verify certain data types which can allow remote code execution in the _networkd context. (CVE-2014-4492)

Solution

Upgrade to Apple iOS 8.1.3 or later.

See Also

http://support.apple.com/HT204243

Plugin Details

Severity: Critical

ID: 8639

Published: 2015/03/04

Modified: 2016/12/09

Dependencies: 8637

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Patch Publication Date: 2015/01/30

Vulnerability Publication Date: 2015/01/30

Reference Information

CVE: CVE-2014-4476, CVE-2014-4477, CVE-2014-4479, CVE-2014-4459, CVE-2014-4480, CVE-2014-4496, CVE-2014-8840, CVE-2014-4493, CVE-2014-4494, CVE-2014-4467, CVE-2014-4481, CVE-2014-4483, CVE-2014-4484, CVE-2014-4485, CVE-2014-4486, CVE-2014-4487, CVE-2014-4488, CVE-2014-4489, CVE-2014-4491, CVE-2014-4495, CVE-2014-4492

BID: 72329, 72262, 72330, 72331, 71144, 72334, 72333, 72327