Tenable6679.PRMApple iOS < 6.1 Multiple Vulnerabilities
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.109 Low
EPSS
Percentile
95.2%
According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities :
- An error related to ‘EUC-JP’ encoding could allow cross-site scripting attacks. (CVE-2011-3058)
- An out-of-bounds read error exists, related to 802.11i information handling, that could allow remote attackers to disable Wi-Fi. (CVE-2012-2619)
- An error exists related to certificate-based ‘Apple ID’ authentication that could allow improper trust extension. (CVE-2013-0963)
- An error exists related to the ‘copyin’ and ‘copyout’ functions that could allow a user-mode process to access the first page of kernel memory. (CVE-2013-0964)
- An error exists related to Mobile Safari preferences that could improperly allow JavaScript to be enabled after a user has disabled it. (CVE-2013-0974)
- Many errors exist related to the bundled ‘WebKit’ components. (CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2012-3606, CVE-2012-3607, CVE-2012-3621, CVE-2012-3632, CVE-2012-3687, CVE-2012-3701, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0962, CVE-2013-0968)
- Two intermediate certificates, improperly issued by TURKTRUST certificate authority, are incorrectly trusted.
Binary data 6679.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2889
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3621
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3632
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3701
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0948
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0949
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0951
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0952
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0974
lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
support.apple.com/kb/HT5642
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.109 Low
EPSS
Percentile
95.2%