CVE-2015-5851

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 9

Description The issue is related to the Multipeer Connectivity component, which does not require an encrypted session. This allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. The vulnerability is associated with a lack of protection for service data, which can be exploited by a local attacker to access protected information by conducting attacks on the encryption system.

Recommendations For Apple iOS versions prior to 9, update to version 9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Multipeer Connectivity component to minimize the risk of exploitation.