Apple iOS < 10.2 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9847

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

The version of iOS running on the mobile device is prior to 10.2, and is affected by multiple vulnerabilities in the following components :

- 3DES (OSVDB 148737)
- Accessibility (OSVDB 148503, OSVDB 148504)
- Accounts (OSVDB 148505)
- Audio (OSVDB 148717)
- Certificates (OSVDB 148739)
- Clipboard (OSVDB 152299)
- CoreFoundation (OSVDB 148718)
- CoreGraphics (OSVDB 148719)
- CoreMedia External Displays (OSVDB 148720)
- CoreMedia Playback (OSVDB 148721)
- CoreText (OSVDB 148722, OSVDB 149004)
- Find My iPhone (OSVDB 148506)
- FontParser (OSVDB 148724)
- Graphics Driver (OSVDB 148507)
- ICU (OSVDB 148725)
- Image Capture (OSVDB 148508)
- ImageIO (OSVDB 148726)
- IOHDIXController (OSVDB 148723)
- IOHIDFamily (OSVDB 148727)
- IOKit (OSVDB 148728, 152301)
- kernel (OSVDB 148729, OSVDB 148730, OSVDB 148731, OSVDB 148732, OSVDB 148733, OSVDB 148734)
- libarchive (OSVDB 148735)
- Local Authentication (OSVDB 148509)
- MIG (OSVDB 148714)
- Media Player (OSVDB 148511)
- OCSP (OSVDB 148738)
- Power Management (OSVDB 148736)
- Profiles (OSVDB 148512)
- S/MIME (OSVDB 148510)
- SpringBoard (OSVDB 148513)
- syslog (OSVDB 148740)
- WebKit (OSVDB 148716, OSVDB 152294)
- WebSheet (OSVDB 152297)

Solution

Upgrade to Apple iOS 10.2 or later.

See Also

https://support.apple.com/en-us/HT207422

https://support.apple.com/en-us/HT207423

https://support.apple.com/en-us/HT207425

Plugin Details

Severity: High

ID: 9847

Published: 2017/01/05

Modified: 2017/02/22

Dependencies: 8637

Nessus ID: 95826

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Patch Publication Date: 2016/12/12

Vulnerability Publication Date: 2016/12/13

Reference Information

CVE: CVE-2016-4689, CVE-2016-4690, CVE-2016-4691, CVE-2016-4693, CVE-2016-4781, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7601, CVE-2016-7606, CVE-2016-7607, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7619, CVE-2016-7621, CVE-2016-7623, CVE-2016-7626, CVE-2016-7627, CVE-2016-7634, CVE-2016-7636, CVE-2016-7637, CVE-2016-7638, CVE-2016-7643, CVE-2016-7644, CVE-2016-7651, CVE-2016-7653, CVE-2016-7655, CVE-2016-7657, CVE-2016-7659, CVE-2016-7660, CVE-2016-7661, CVE-2016-7662, CVE-2016-7663, CVE-2016-7664, CVE-2016-7665, CVE-2016-7667, CVE-2016-7714, CVE-2016-7630, CVE-2016-7762, CVE-2016-7765

BID: 94850, 94905