Apple iOS < 6.0.1 Multiple Vulnerabilities
PVS ID: 6615 FAMILY: Web Clients RISK: HIGH NESSUS ID:62803
Description: Synopsis :\n\nThe remote host is vulnerable to multiple attack vectors.\n\nThe remote host is an iPhone, iPod Touch, or iPad running iOS. For your information, the observed version of iOS is : \n %L \n\nVersions of iOS < 6.0.1 are potentially affected by multiple vulnerabilities. Apple iOS 6.0.1 contains security fixes for the following products :\n\n - Kernel extension API responses containing an 'OSBundleMachOHeaders' key may include kernel addresses, which can aid in further attacks. (CVE-2012-3749)\n\n - The lock screen can provide 'Passbook' data to an attacker having physical device access but not a passcode. (CVE-2012-3750)\n\n - A time-of-check-to-time-of-use issue in the handling of JavaScript array in WebKit could lead to arbitrary, remote code execution. (CVE-2012-3748)\n\n - A use-after-free issue in the handling of SVG images in WebKit code could lead to arbitrary, remote code execution. (CVE-2012-5112)\n

Solution: Upgrade to iOS 6.0.1 or later.


Copyright Tenable Network Security Inc. 2012