PT-2015-1907 · Apple · Ios
Andreas Weinlein
·
Published
2015-08-06
·
Updated
2016-12-24
·
CVE-2015-5749
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
iOS versions prior to 8.4.1
Description
The issue concerns the Sandbox profiles component, which lacks proper protection of service data. This allows attackers to bypass the third-party app-sandbox protection mechanism. By using a crafted app, an attacker can read arbitrary managed preferences.
Recommendations
For iOS versions prior to 8.4.1, update to version 8.4.1 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ios