This issue was addressed by restricting access to certain account types from unauthorized applications. A sandboxed application could get information about the currently-active iCloud account, including the name of the account. Impact: A malicious application may be able to identify the Apple ID of the userĭescription: An issue existed in the access control logic for accounts. This issue was addressed by disabling LEAP by default.ĬVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim Lamotte of Universiteit Hasselt Impact: An attacker can obtain Wi-Fi credentialsĭescription: An attacker could have impersonated a Wi-Fi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods. iOS 8Īvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later To learn about other Security Updates, see Apple Security Updates. Where possible, CVE IDs are used to reference the vulnerabilities for further information. To learn more about Apple Product Security, see the Apple Product Security website.įor information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key. This document describes the security content of iOS 8.įor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |