Apple iOS and TV CVE-2014-4364 Spoofing Vulnerability

Bugtraq ID:	69913
Class:	Design Error
CVE:	CVE-2014-4364
Remote:	Yes
Local:	No
Published:	Sep 17 2014 12:00AM
Updated:	Oct 17 2014 08:59AM
Credit:	Pieter Robyns, Bram Bonne, Peter Quax, and Wim Lamotte of Universiteit Hasselt
Vulnerable:	Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 Apple Apple TV 5.0 Apple Apple TV 4.4 Apple Apple TV 4.3 Apple Apple TV 4.2 Apple Apple TV 4.1 Apple Apple TV 4.0 Apple Apple TV 2.1 Apple Apple TV 1.0
Not Vulnerable:

Apple iOS and TV CVE-2014-4364 Spoofing Vulnerability

Apple iOS and TV are prone to a spoofing vulnerability.

An attacker can exploit this issue to impersonate a WiFi access point to obtain the credentials, which will aid in further attacks.

NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.

Apple iOS and TV CVE-2014-4364 Spoofing Vulnerability

An attacker can exploit this issue using readily available tools.

Apple iOS and TV CVE-2014-4364 Spoofing Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apple iOS and TV CVE-2014-4364 Spoofing Vulnerability

References:

• Apple iOS Homepage (Apple)
  
• Apple TV Homepage (Apple)