CVE-2014-4364

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 8 Apple TV versions prior to 7

Description The issue concerns the 802.1X subsystem, which does not enforce strong authentication methods. This allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.

Recommendations For Apple iOS versions prior to 8, update to version 8 or later to resolve the issue. For Apple TV versions prior to 7, update to version 7 or later to resolve the issue.