Apple iOS < 9.3 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9331

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

The remote host is running a version of iOS that is prior to version 9.3 and the following components contain vulnerabilities :

- AppleUSBNetworking
- FontParser
- HTTPProtocol
- IOHIDFamily
- Kernel
- LaunchServices
- libxml2
- Messages
- Profiles
- Security
- TrueTypeScaler
- WebKit
- Wi-Fi

Solution

Upgrade to Apple iOS 9.3 or later.

See Also

https://support.apple.com/en-us/HT206166

http://www.nessus.org/u?b682fb59

Plugin Details

Severity: High

ID: 9331

Published: 5/26/2016

Updated: 3/6/2019

Nessus ID: 90118

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Patch Publication Date: 3/27/2016

Vulnerability Publication Date: 11/2/2015

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2016-1757, CVE-2015-1819, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8242, CVE-2016-1950, CVE-2016-1762, CVE-2016-0801, CVE-2016-1734, CVE-2016-1740, CVE-2015-8659, CVE-2016-1748, CVE-2016-1750, CVE-2016-1756, CVE-2016-1754, CVE-2016-1755, CVE-2016-1758, CVE-2016-1753, CVE-2016-1752, CVE-2016-1761, CVE-2016-1788, CVE-2016-1775, CVE-2016-0802, CVE-2016-1751, CVE-2016-1783, CVE-2016-1784, CVE-2016-1781, CVE-2016-1778, CVE-2016-1782, CVE-2016-1779, CVE-2016-1785, CVE-2016-1786, CVE-2016-1760, CVE-2016-1763, CVE-2016-1766, CVE-2016-1780

BID: 75570, 79509, 79562, 79536, 77681, 77390, 79507, 80438