CVE-2015-3756
low
CVSS v3
—
CVSS v2
2.1
VIR risk
2.1
Description
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: product-security@apple.com — https://support.apple.com/kb/HT205030
Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | | affected | |
References
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
- http://www.securityfocus.com/bid/76337
- http://www.securitytracker.com/id/1033275
- https://support.apple.com/kb/HT205030
CWEs
CWE-254