CVE-2015-7000
low
CVSS v3
—
CVSS v2
2.1
VIR risk
2.1
Description
Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: product-security@apple.com — https://support.apple.com/HT205370
Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | affected | |
References
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html
- http://www.securityfocus.com/bid/77268
- http://www.securitytracker.com/id/1033929
- https://support.apple.com/HT205370
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html
- http://www.securityfocus.com/bid/77268
- http://www.securitytracker.com/id/1033929
- https://support.apple.com/HT205370
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.