Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apple iOS < 8.1.4 Multiple Vulnerabilities

High

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities :

- There is a flaw in the way that the IOSurface component handles "type confusion" which would allow a remote attacker to execute arbitrary code as a privileged user. (CVE-2015-1061) - There is a flaw in iCloud Keychain which would allow a man-in-the-middle attacker to execute arbitrary code. (CVE-2015-1065) - The Springboard component allows a physical attacker to bypass controls and access the home screen. (CVE-2015-1064) - The MobileStorageMounter component allows attackers to create arbitrary filesystem locations. (CVE-2015-1062) - The CoreTelephony component allows remote attackers to cause a denial of service. (CVE-2015-1063) - The Secure Transport component allows remote attackers to downgrade the encryption cipher. (CVE-2015-1067)

Solution

Upgrade to Apple iOS 8.1.4 or later.