This script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.APPLE_IOS_601_CHECK.NBINApple iOS < 6.0.1 Multiple Vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.5%
The mobile device is running a version of iOS that is older than version 6.0.1. This version contains security-related fixes for the following issues :
-
Kernel extension API responses containing an ‘OSBundleMachOHeaders’ key may include kernel addresses, which can aid in further attacks.
(CVE-2012-3749) -
The lock screen can provide ‘Passbook’ data to an attacker having physical device access but not a passcode. (CVE-2012-3750)
-
A time-of-check-to-time-of-use issue in the handling of JavaScript array in WebKit could lead to arbitrary, remote code execution. (CVE-2012-3748)
-
A use-after-free issue in the handling of SVG images in WebKit code could lead to arbitrary, remote code execution. (CVE-2012-5112)
Binary data apple_ios_601_check.nbinReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3748
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5112
lists.apple.com/archives/security-announce/2012/Nov/msg00000.html
support.apple.com/en-us/HT201347
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.5%