Apple iOS < 10.1 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9756

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

The version of iOS running on the mobile device is prior to 10.1, and is affected by multiple vulnerabilities in the following components :

- CFNetwork Proxies (CVE-2016-7579)
- Contacts (CVE-2016-4686)
- CoreGraphics (CVE-2016-4673)
- FaceTime (CVE-2016-7577)
- FontParser (CVE-2016-4660, CVE-2016-4688)
- IDS - Connectivity (CVE-2016-4721)
- iTunes (CVE-2016-4685)
- Kernel (CVE-2016-4669, CVE-2016-4680, CVE-2016-7613)
- libarchive (CVE-2016-4679)
- libxpc (CVE-2016-4675)
- Safari (CVE-2016-7581)
- Sandbox Profiles (CVE-2016-4664, CVE-2016-4665)
- Security (CVE-2016-4670)
- WebKit (CVE-2016-4666, CVE-2016-4677, CVE-2016-7578)

Solution

Upgrade to Apple iOS 10.1 or later.

See Also

https://support.apple.com/en-us/HT207271

Plugin Details

Severity: High

ID: 9756

Published: 11/8/2016

Updated: 3/6/2019

Nessus ID: 94330

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Patch Publication Date: 10/24/2016

Vulnerability Publication Date: 10/24/2016

Reference Information

CVE: CVE-2016-4660, CVE-2016-4664, CVE-2016-4665, CVE-2016-4666, CVE-2016-4669, CVE-2016-4670, CVE-2016-4673, CVE-2016-4675, CVE-2016-4677, CVE-2016-4679, CVE-2016-4680, CVE-2016-4685, CVE-2016-4686, CVE-2016-4688, CVE-2016-7578, CVE-2016-7579, CVE-2016-7581

BID: 91829, 93849, 93851, 93853, 93854, 93856, 93848