Skip to main content

Apple iOS Security Issue and Multiple Vulnerabilities

Last Update Date: 19 Sep 2014 16:38 Release Date: 19 Sep 2014 4298 Views

RISK: High Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

A security issue and multiple vulnerabilities have been identified in Apple iOS, which can be exploited by malicious people with physical access to disclose potentially sensitive information and bypass certain security restrictions and by malicious people to disclose certain sensitive information and compromise a vulnerable device.

  1. An unspecified error related to unlocking behavior can be exploited to bypass the screen lock.
  2. The Mail component does not properly handle the LOGINDISABLED IMAP capability. This can be exploited to disclose user credentials via e.g. Man-in-the-Middle (MitM) attacks.
  3. An error exists within the Safari component.
  4. An error when handling text message previews can be exploited to disclose received text messages.
  5. An error within the Weather component related to API used to determine local weather can be exploited to disclose physical location of a user via Man-in-the-Middle (MitM) attacks.
  6. Multiple errors exist within the WebKit component.

Impact

  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Versions prior to 8 running on iPhone 4s and later
  • iPod touch (5th generation) and later
  • iPad 2 and later

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 8.

Vulnerability Identifier


Source


Related Link