Information Security


Multiple security vulnerabilities in Apple iOS
updated since October 27, 2014
Published: November 3, 2014
Source:
SecurityVulns ID: 14062
Type: library
Severity: 6/10
Description: Unauthorized Bluetooth connection, insufficient encryption, insufficient certificate validation, information leak, POODLE attacks on SSL.
Affected products: APPLE : iOS 8.0
CVE: CVE-2014-4450 (The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.)
 CVE-2014-4449 (iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.)
 CVE-2014-4448 (House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.)
 CVE-2014-4428 (Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.)
 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.)
Original text: Vulnerability Lab, Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability (03.11.2014)
 APPLE, APPLE-SA-2014-10-20-1 iOS 8.1 (27.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod