Detections
Analytics

Apple iOS < 10.2 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9847

Synopsis

The remote host is missing a critical Apple iOS patch update.

Description

The version of iOS running on the mobile device is prior to 10.2, and is affected by multiple vulnerabilities in the following components :

 - 3DES
 - Accessibility
- Accounts
 - Audio
 - Certificates
 - Clipboard
 - CoreFoundation
 - CoreGraphics
 - CoreMedia External Displays
 - CoreMedia Playback
 - CoreText
- Find My iPhone
 - FontParser
 - Graphics Driver
 - ICU
 - Image Capture
 - ImageIO
 - IOHDIXController
 - IOHIDFamily
 - IOKit 152301)
 - kernel
 - libarchive
 - Local Authentication
 - MIG
 - Media Player
 - OCSP
 - Power Management
 - Profiles
 - S/MIME
 - SpringBoard
 - syslog
 - WebKit
- WebSheet

Solution

Upgrade to Apple iOS 10.2 or later.

See Also

https://support.apple.com/en-us/HT207422

https://support.apple.com/en-us/HT207423

https://support.apple.com/en-us/HT207425

Plugin Details

Severity: High

ID: 9847

Published: 1/5/2017

Updated: 3/6/2019

Nessus ID: 95826

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:iphone_os

Patch Publication Date: 12/12/2016

Vulnerability Publication Date: 12/13/2016

Reference Information

CVE: CVE-2016-4689, CVE-2016-4690, CVE-2016-4691, CVE-2016-4693, CVE-2016-4781, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7601, CVE-2016-7606, CVE-2016-7607, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7619, CVE-2016-7621, CVE-2016-7623, CVE-2016-7626, CVE-2016-7627, CVE-2016-7630, CVE-2016-7634, CVE-2016-7636, CVE-2016-7637, CVE-2016-7638, CVE-2016-7643, CVE-2016-7644, CVE-2016-7651, CVE-2016-7653, CVE-2016-7655, CVE-2016-7657, CVE-2016-7659, CVE-2016-7660, CVE-2016-7661, CVE-2016-7662, CVE-2016-7663, CVE-2016-7664, CVE-2016-7665, CVE-2016-7667, CVE-2016-7714, CVE-2016-7762, CVE-2016-7765

BID: 94850, 94905