Tenable8673.PRMApple iOS < 8.1.4 Multiple Vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.9%
According to its banner, the remote Apple iOS device is missing a security update. It is, therefore, affected by the following vulnerabilities :
- There is a flaw in the way that the IOSurface component handles “type confusion” which would allow a remote attacker to execute arbitrary code as a privileged user. (CVE-2015-1061)
- There is a flaw in iCloud Keychain which would allow a man-in-the-middle attacker to execute arbitrary code. (CVE-2015-1065)
- The Springboard component allows a physical attacker to bypass controls and access the home screen. (CVE-2015-1064)
- The MobileStorageMounter component allows attackers to create arbitrary filesystem locations. (CVE-2015-1062)
- The CoreTelephony component allows remote attackers to cause a denial of service. (CVE-2015-1063)
- The Secure Transport component allows remote attackers to downgrade the encryption cipher. (CVE-2015-1067)
Binary data 8673.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1064
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1065
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1067
support.apple.com/HT204243
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.9%