Computer Security


Apple iOS multiple security vulnerabilities
updated since 27.10.2014
Published: 03.11.2014
Source:
SecurityVulns ID: 14062
Type: library
Threat Level: 6/10
Description: Unauthorized Bluetooth access, insufficient encryption, insufficient certificate check, information leakage, SSL POODLE attack.
Affected: APPLE : iOS 8.0
CVE: CVE-2014-4450 (The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.)
 CVE-2014-4449 (iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.)
 CVE-2014-4448 (House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.)
 CVE-2014-4428 (Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.)
 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.)
Original document: Vulnerability Lab, Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability (03.11.2014)
 APPLE, APPLE-SA-2014-10-20-1 iOS 8.1 (27.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod