PT-2015-1887 · Apple · Icloud+3

Deepkanwal Plaha

Published

2015-08-16

Updated

2016-12-24

CVE-2015-3782

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 8.4.1 Apple OS X versions prior to 10.10.5

Description The issue allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. This is due to a lack of protection for service data in the CloudKit component of the iOS operating system. Exploitation of this issue may allow a remote attacker to gain access to an iCloud account using a specially formed application.

Recommendations For Apple iOS versions prior to 8.4.1, update to version 8.4.1 or later to resolve the issue. For Apple OS X versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2015-11233

CVE-2015-3782

Affected Products

Cloudkit

Os X

Icloud

Ios

PT-2015-1887 · Apple · Icloud+3

CVE-2015-3782

Weakness Enumeration

Related Identifiers

Affected Products

References · 8