9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.969 High
EPSS
Percentile
99.7%
The mobile device is running a version of iOS that is prior to version 5.0. Version 5.0 contains numerous security-related fixes for the following vulnerabilities :
Apple iOS Calendar Synchronization SSL Certificate Validation Information Disclosure Vulnerability (CVE-2011-3253)
Apple iOS Calendar Cross-Site Scripting Vulnerability (CVE-2011-3254)
Apple iOS CFNetwork Information Disclosure Vulnerability (CVE-2011-3255)
Apple iOS and Mac OS X CFNetwork Cross Domain Information Disclosure Vulnerability (CVE-2011-3246)
Apple Mac OS X CoreFoundation Memory Corruption Vulnerability (CVE-2011-0259)
FreeType Font Document Multiple Memory Corruption Vulnerabilities (CVE-2011-3256)
Apple Mac OS X QuickTime Cross-Domain Information Disclosure Vulnerability (CVE-2011-0187)
Apple iOS Mail Cookie Synchronization Validation Information Disclosure Vulnerability (CVE-2011-3257)
An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389)
Opera Web Browser Information Disclosure Vulnerability
Apple iOS Home Screen Information Disclosure Vulnerability (CVE-2011-3431)
libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow Vulnerability (CVE-2011-0192)
Apple Safari ImageIO TIFF Image Handling Heap Buffer Overflow Vulnerability (CVE-2011-0241)
Apple Mac OS X ICU Buffer Overflow Vulnerability (CVE-2011-0206)
Apple Kernel TCP Exhaustion Denial of Service Vulnerability (CVE-2011-3259)
Apple Mac OS X IPV6 Socket Options Denial of Service Vulnerability (CVE-2011-1132)
Apple iOS Keyboard Information Disclosure Vulnerability (CVE-2011-3245)
Apple Safari ‘libxml’ Remote Code Execution Vulnerability (CVE-2011-0216)
Apple iPhone/iPad/iPod Touch prior to iOS 5 Buffer Overflow Vulnerability (CVE-2011-3260)
Apple iPhone/iPad/iPod Touch prior to iOS 5 Remote Code Execution Vulnerability (CVE-2011-3261)
Apple Mac OS X QuickLook Office File Memory Corruption Vulnerability (CVE-2011-0208)
Apple Mac OS X QuickLook Remote Code Execution Vulnerability (CVE-2011-0184)
Apple iPhone/iPad/iPod Touch ‘Content-Disposition’ Header Cross-Site Scripting Vulnerability (CVE-2011-3246)
Apple iOS Parental Restrictions Passcode Information Disclosure Vulnerability (CVE-2011-3249)
Apple iOS Insecure Misleading UI Insecure Configuration Weakness (CVE-2011-3430)
Apple iOS Remote Denial of Service Vulnerability (CVE-2011-3432)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0218)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0221)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0222)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0225)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0232)
WebKit FrameOwner Element Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0233)
WebKit Malformed XHTML Tags Use-After-Free Memory Corruption Vulnerability (CVE-2011-0234)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0235)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0238)
WebKit ‘NamedNodeMap.cpp’ Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0254)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-0255)
Google Chrome prior to 9.0.597.94 Multiple Security Vulnerabilities (CVE-2011-0981)
Google Chrome prior to 9.0.597.107 Multiple Security Vulnerabilities (CVE-2011-1109)
Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities (CVE-2011-1188)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1288)
Google Chrome prior to 10.0.648.204 Multiple Security Vulnerabilities (CVE-2011-1293)
Google Chrome prior to 11.0.696.57 Multiple Security Vulnerabilities (CVE-2011-1449)
WebKit MathML Tags Use-After-Free Remote Code Execution Vulnerability
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1453)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1457)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1462)
WebKit Memory Corruption Remote Code Execution Vulnerability (CVE-2011-1797)
WebKit Multiple Unspecified Remote Code Execution Vulnerabilities (CVE-2011-2338)
WebKit Style Sheet Elements Remote Code Execution Vulnerability (CVE-2011-2341)
Google Chrome Prior to 12.0.742.112 Multiple Security Vulnerabilities (CVE-2011-2351)
Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities (CVE-2011-2359)
Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities (CVE-2011-2823)
Mozilla Firefox/Thunderbird/SeaMonkey YARR Remote Code Execution Vulnerability (CVE-2011-3232)
Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities (CVE-2011-3234)
WebKit Embedded URL Cross Domain Scripting Vulnerability (CVE-2011-0242)
WebKit Address Bar URI Spoofing Vulnerability (CVE-2011-1107)
WebKit ‘libxslt’ Remote Code Execution Vulnerability (CVE-2011-1774)
WebKit ‘HTML5’ Drag and Drop Cross-Origin Information Disclosure Vulnerability (CVE-2011-0166)
WebKit Inactive DOM Windows Cross Domain Scripting Vulnerability (CVE-2011-3243)
Apple iOS WiFi Credentials Information Disclosure Vulnerability (CVE-2011-3234)
Binary data apple_ios_50_check.nbin
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0184
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0187
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0206
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0216
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0218
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0221
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0222
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0225
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0232
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0233
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0234
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0235
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0238
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0241
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0242
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0254
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0255
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0259
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0981
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0983
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1109
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1117
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1132
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1190
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1288
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1295
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1296
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1449
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1451
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1457
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1462
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2359
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2809
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2818
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2820
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2827
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2831
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3234
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3235
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3236
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3237
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3243
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3244
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3245
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3246
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3253
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3254
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3255
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3259
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3260
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3261
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3426
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3427
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3430
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3431
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3434
support.apple.com/en-us/HT202349
www.imperialviolet.org/2011/09/23/chromeandbeast.html
www.openssl.org/~bodo/tls-cbc.txt