The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
References
Link | Resource |
---|---|
https://support.apple.com/kb/HT205030 | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html | Vendor Advisory |
http://www.securityfocus.com/bid/76337 | |
http://www.securitytracker.com/id/1033275 |
Configurations
Information
Published : 2015-08-16 16:59
Updated : 2016-12-23 18:59
NVD link : CVE-2015-3756
Mitre link : CVE-2015-3756
JSON object : View
CWE
CWE-254
7PK - Security Features
Products Affected
apple
- iphone_os