Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apple iOS < 8.3 Multiple Vulnerabilities

High

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities :

- The IOHIDFamily allows attackers within physical proximity to execute a Denial of Service attack within a kernel context. (CVE-2015-1095) - The 'Podcasts' component allows remote attackers to discover unique identifiers by reading an asset-download request data. (CVE-2015-1110) - The CFNetwork component does not properly handle cookies which may allow an attacker to bypass Same Origin Policy. (CVE-2015-1089) - The Audio Drivers subsystem does not properly validate IOKit object metadata which allows an attacker to execute arbitrary code. (CVE-2015-1086)

Solution

Upgrade to Apple iOS 8.3 or later.