CVE-2014-4448
low
CVSS v3
—
CVSS v2
1.9
VIR risk
1.9
Description
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: product-security@apple.com — https://support.apple.com/kb/HT6541
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | affected | |
References
- http://www.securityfocus.com/archive/1/533747
- http://www.securityfocus.com/bid/70661
- http://www.securitytracker.com/id/1031077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97664
- https://support.apple.com/kb/HT6541
- http://www.securityfocus.com/archive/1/533747
- http://www.securityfocus.com/bid/70661
- http://www.securitytracker.com/id/1031077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97664
- https://support.apple.com/kb/HT6541
CWEs
CWE-310
Verify integrity in audit chain (admin only). AS-IS.