Vulners
Lucene search
iTunes Mobile iOS Device Backup Enumeration (Mac OS X)
| Source | Link |
|---|---|
| support | www.support.apple.com/kb/HT1766 |
#TRUSTED 2e773374715f54d4dd9de8ef5e922fe72eee50f511d68d023095e618ae4490236268d8988ddc3123851a803251e28b7113616db71b8bd096bf1369766601006f3d89ae9317aab85f742459afb6df3019614747d4ecc0283846113648a6170602e00e130b47ccdfcbdfede56bf02df82ddbee0c2fc18223bf56884cba7bfa1b25616550e72bc657f199716b64de48e7abb21a267ec7b9886aa6a62d3c432e077f2a14ebdd46dd27711f75fabfaa22fe8b3c408dd98719f3ffb8480aa334492913ca15b23601bb7695e668e766d3f80b30adfba23287f0de5841293c0c3d039ce2af8d4bd50c72126f9d5f4d514a3e0ba1092ebd4ee4522638e7ecf49cda0bfe737f064228ea421dd6321516376f7650f1c4e247fd207ef18f810f56c2df860c2fa83c7131f8bad651c76ff8cfcbbec73a2ff2e60c6d94cb432f64ef62df225ffbcd7cdbf70a7bf0fa8674ea4e2ab0c575445a2f574f20a24e9dcdcfdadec8d1ea1ddf8d55f58f0d2cd1262b642e2ffe4ddeb43e5ce662027c35ef394d1fed4d45f888f281265d9605d059c7319720ef5e07874621b601d9e8e45577de3d06ae4d43517a0435570f98b7d7a6f020f48bdd9eb051b79466109be3bc215c0f3ba6a9dca42fa11b59ee18bc1da11adceda7e9c362d6fc9ca8417233014fb29ab49001dad8e6eaee855b2692b2d56b17a8121bb744f12469e8144a37a766ebee25c9fe
#TRUST-RSA-SHA256 2033bbd95193d4c6c1ae329f76f822a8f5b116ec7dfb278583059e5c69e9cd4d12a2dfcdbbbed93e523c5d1a57c7f264d35caa8b4a1c4a94a054bc869a0b3cfa366d219ab5a3ef841096355298ff71d49a52cfa11d3549c925bb64398e45f5d5eace815884fd172abbd1321ede0405cb2dc082c36629f33b3879e8d25eb4d42669677b9f1acd17d0868dba64614427d73e66fb446c90509b28fceea1cff67d2193f358fad27985ebfcc5507d95b7f0573734c8527ea4d30ff67be4a68199164728962b57f98f4eb86e5cb2011b9747843b144e525743da36b548dfbe32b9c5f9f41c0abcf3b6e39f6f0ccee720b6411c5f8bbe9566e0dbd38ed5053bea9e9428f4142db5e28faa08de6d67b37cf846f19f1cf957363aa5f8602e00d168d850f8297e515ceb8fb4551f05eab7324fd26a83fd17452d228de4003058f9d3460caf64b8d51cf2ad12f0b13f49850a08038b759fc420a0ed427a5a6f60bd52efefd52300e7a01aa35451527b85f7fc3febd123e76a3b166f98d15bc4819103b671f78e3647acafaecf194893336421854bd6eddb3da18ff952979dc5ee43ca6995b0e42080adf41cf9ee88fe1c2b7b7d6b9febeba923307e162640a8031ab6f08916f8f40e797a428cda15f1cf04f9ec017bef55f4ee76d65a9fc23bbec6ce535df8d9ae49e6490512f9fc3fb1521f3482e14210ba8bc62c13d45aac82025a97ba07
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include("compat.inc");
if (description)
{
script_id(58501);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/21");
script_name(english:"iTunes Mobile iOS Device Backup Enumeration (Mac OS X)");
script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host is used to backup data from a mobile
device.");
script_set_attribute(attribute:"description", value:
"The iTunes install on the remote Mac OS X host is used by at least
one user to backup data from a mobile iOS device, such as an iPhone,
iPad, or iPod touch.");
script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT1766");
script_set_attribute(attribute:"solution", value:
"Make sure that backup of mobile devices agrees with your
organization's acceptable use and security policies.");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"asset_inventory", value:"True");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2012-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "macosx_itunes_detect.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/iTunes");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("hostlevel_funcs.inc");
enable_ssh_wrappers();
function parse_device_info(data)
{
local_var section, value, idx_start, idx_end, datakey;
local_var device_data, datakeys;
device_data = make_array();
datakeys = make_list(
'Device Name',
'Last Backup Date',
'Product Type',
'Product Version',
'Serial Number'
);
foreach datakey (datakeys)
{
section = '';
value = NULL;
# Extract each relevant key/value pair
idx_start = stridx(data, '<key>'+datakey+'</key>');
if (datakey == 'Last Backup Date')
idx_end = stridx(data, '</date>', idx_start);
else
idx_end = stridx(data, '</string>', idx_start);
if ((idx_start >= 0) && (idx_end > idx_start))
{
section = substr(data, idx_start, idx_end);
section = chomp(section);
}
# Extract the vale from the key/value pair
if (strlen(section) > 0)
{
if (datakey == 'Last Backup Date')
{
idx_start = stridx(section, '<date>');
if (idx_start >= 0)
{
value = substr(section, idx_start);
value -= '<date>';
value -= '<';
}
}
else
{
idx_start = stridx(section, '<string>');
if (idx_start >= 0)
{
value = substr(section, idx_start);
value -= '<string>';
value -= '<';
}
}
}
if (!isnull(value))
{
device_data[datakey] = value;
}
}
if (max_index(keys(device_data))) return device_data;
else return NULL;
}
if (!get_kb_item('Host/local_checks_enabled')) exit(0, 'Local checks are not enabled.');
os = get_kb_item('Host/MacOSX/Version');
if (!os) exit(0, 'The host does not appear to be running Mac OS X.');
if (isnull(get_kb_item('installed_sw/iTunes'))) exit(0, 'iTunes doesn\'t appear to be installed on the remote host.');
info_connect();
invalid_path = FALSE;
template_error = FALSE;
# For each user, look for backups in
# Library/Application Support/MobileSync/Backup
numdevices = 0;
info = NULL;
cmd = '(echo ; /usr/bin/dscl . -readall /Users NFSHomeDirectory UniqueID) |while read sep; do read Home; read Record; read UniqueID; UniqueID=`echo $UniqueID | awk \'{print $2}\'`; test "$UniqueID" -gt 499 && echo $Record:|awk \'{print $2}\' && Home=`echo $Home|awk \'{print $2}\'` && test -d "$Home"/Library/Application\\ Support/MobileSync/Backup/ && echo "$Home"/Library/Application\\ Support/MobileSync/Backup/*; done';
result = info_send_cmd(cmd:cmd);
if (!isnull(result))
{
lines = split(result, keep:FALSE);
foreach line (lines)
{
devicehash = NULL;
if ('Library/Application Support/MobileSync/Backup/' >< line)
{
# Replace ' /' with ';/' to make it easier to split up the hashes
# into a list
line = str_replace(string:line, find:' /', replace:';/');
hashlist = split(line, sep:';', keep:FALSE);
if (!isnull(hashlist))
{
for (i=0; i<max_index(hashlist); i++)
{
data = NULL;
plistfile = hashlist[i] + '/Info.plist';
plistfile = str_replace(string:plistfile, find:'Application Support', replace:'Application\\ Support');
match = pregmatch(pattern:"(^.*)Library/Application\\ Support/MobileSync/Backup/(.*$)", string:plistfile);
if(isnull(match) || isnull(match[1]) || isnull(match[2]))
continue;
cmd = "cat '$1$Library/Application\ Support/MobileSync/Backup/$2$'";
args = [match[1], match[2]];
# Parse the data in the plist file
data = run_cmd_template(template:cmd, args:args);
if(data["error"] != HLF_OK)
{
if(data["error"] == HLF_INVALID)
invalid_path = TRUE;
else
template_error = TRUE;
continue;
}
data = data["data"];
if (!isnull(data) && '<?xml version=' >< data)
{
ret = parse_device_info(data:data);
if (!isnull(ret))
{
numdevices++;
# Build the report
info += '\n File path : ' + plistfile;
info +=
'\n Device name : ' + ret['Device Name'] +
'\n Product type : ' + ret['Product Type'] +
'\n Product version : ' + ret['Product Version'] +
'\n Serial number : ' + ret['Serial Number'] +
'\n Last backup date : ' + ret['Last Backup Date'] + '\n';
}
}
if (numdevices && !thorough_tests) break;
}
}
}
}
}
if (info_t == INFO_SSH)
ssh_close_connection();
errors = "";
if(invalid_path)
errors += '\n One or more path names contained invalid characters.';
if(template_error)
errors += '\n An error occurred due to a command template mismatch.';
if (errors != '')
errors = '\nResults may not be complete due to the following errors : ' + errors + '\n';
if (!isnull(info))
{
if (report_verbosity > 0)
{
if (numdevices > 1)
{
a = 'Backups';
s = 's were detected';
}
else
{
a = 'A backup';
s = ' was detected';
}
report =
'\n' + a + ' for the following mobile device' + s + ' :\n' +
info +
'\n' + errors;
security_note(port:0, extra:report);
}
else security_note(0);
exit(0);
}
else exit(0, 'No backups were detected for mobile iOS devices on the remote host.' + errors);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 May 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8