Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apple iOS 8.x < 8.1.1 Multiple Vulnerabilities.

High

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities :

- There is a memory corruption flaw within WebKit which can allow a remote attacker to execute arbitrary code or crash the application. (CVE-2014-4462, CVE-2014-4452)

- There is a memory corruption flaw within IOSharedDataQueue which can allow a remote attacker to execute arbitrary code in a privileged context via a crafted application. (CVE-2014-4461)

- There is a memory corruption flaw within the Mach-O executable files which allows local users to bypass code-signing restrictions. (CVE-2014-4455)

- There is a flaw in the enforcement of the failed-passcode limit. (CVE-2014-4451)

- The lock-screen protection control is vulnerable to a flaw which allows local users to bypass the failed-passcode limit. (CVE-2014-4463)

- The Sandbox Profiles subsystem does not properly implement the debugserver sandbox, allowing a bypass of the existing controls. (CVE-2014-4457)

Solution

Upgrade to Apple iOS 8.1.1 or later.