
Apple iOS < 6.0 Multiple Vulnerabilities

High

Synopsis

The remote mobile device is running an outdated version of Apple iOS that is missing multiple security updates.

Description

According to its banner, the remote Apple iOS device is missing a security update. Versions of Apple iOS prior to 6.0 are exposed to the following vulnerabilities:

- Numerous memory errors exist related to handling 'TIFF', 'PNG' and 'JPEG' images and 'ImageIO' that can allow arbitrary code execution. (CVE-2011-1167, CVE-2011-3026, CVE-2011-3048, CVE-2011-3328, CVE-2012-1173, CVE-2012-3726)

- Several issues exist related to 'CoreGraphics' and 'FreeType'. (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144)

- Numerous issues exist related to libxml and can lead to application crashes or arbitrary code execution. (CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3919)

- A stack-based buffer overflow exists related to 'locale ID' and 'International Components for Unicode' (ICU). (CVE-2011-4599)

- An uninitialized memory access issue exists related to 'Sorenson' encoded movie files and 'CoreMedia'. (CVE-2012-3722)

- A URL handling issue exists related to 'CFNetwork' that can disclose sensitive information. (CVE-2012-3724)

- The 'DNAv4' protocol discloses sensitive information when connecting to unencrypted Wi-Fi networks. (CVE-2012-3725)

- A buffer overflow error exists related to 'IPSec' and 'racoon' configuration files. (CVE-2012-3727)

- An invalid pointer dereference error exists related to the kernel and packet filter ioctls. (CVE-2012-3728)

- An uninitialized memory access error exists related to the kernel and the Berkeley Packet Filter interpreter. (CVE-2012-3729)

- Several issues exist related to 'Mail' and the handling of attachments and 'S/MIME' signed messages. (CVE-2012-3730, CVE-2012-3731, CVE-2012-3732)

- Information disclosure issues exist related to 'Messages', 'Office Viewer', system logs, and 'UIKit'. (CVE-2012-3733, CVE-2012-3734, CVE-2012-3743, CVE-2012-3746)

- Memory corruption errors exist related to 'OpenGL'. (CVE-2011-3457)

- Numerous errors exist related to 'Passcode Lock'. (CVE-2012-3735, CVE-2012-3736, CVE-2012-3737, CVE-2012-3738, CVE-2012-3739, CVE-2012-3740)

- An error exists in 'Restrictions' that can allow unauthorized purchases. (CVE-2012-3741)

- Errors exist in 'Safari' that are related to misleading URL characters and password autocomplete. (CVE-2012-3742, CVE-2012-0680)

- A buffer overflow error exists related to 'Telephony' and SMS handling. (CVE-2012-3745)

- Many errors exist related to the bundled 'WebKit' components. (CVE-2011-2845, CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3032, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3050, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3076, CVE-2011-3078, CVE-2011-3081, CVE-2011-3086, CVE-2011-3089, CVE-2011-3090, CVE-2011-3105, CVE-2011-3913, CVE-2011-3924, CVE-2011-3926, CVE-2011-3958, CVE-2011-3966, CVE-2011-3968, CVE-2011-3969, CVE-2011-3971, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-1521, CVE-2012-2815, CVE-2012-2818, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3598, CVE-2012-3599, CVE-2012-3600, CVE-2012-3601, CVE-2012-3602, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3612, CVE-2012-3613, CVE-2012-3614, CVE-2012-3615, CVE-2012-3617, CVE-2012-3618, CVE-2012-3620, CVE-2012-3624, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3647, CVE-2012-3648, CVE-2012-3650, CVE-2012-3651, CVE-2012-3652, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3658, CVE-2012-3659, CVE-2012-3660, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671, CVE-2012-3672, CVE-2012-3673, CVE-2012-3674, CVE-2012-3676, CVE-2012-3677, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, 
CVE-2012-3683, CVE-2012-3684, CVE-2012-3686, CVE-2012-3691, CVE-2012-3693, CVE-2012-3695, CVE-2012-3696, CVE-2012-3703, CVE-2012-3704, CVE-2012-3706, CVE-2012-3708, CVE-2012-3710, CVE-2012-3747)

Solution

Upgrade to iOS 6.0 or later.