BID:69922

Apple iOS CVE-2014-4356 Local Information Disclosure Vulnerability

Info

Apple iOS CVE-2014-4356 Local Information Disclosure Vulnerability

Bugtraq ID:	69922
Class:	Design Error
CVE:	CVE-2014-4356
Remote:	No
Local:	Yes
Published:	Sep 17 2014 12:00AM
Updated:	Sep 17 2014 12:00AM
Credit:	Mattia Schirinzi from San Pietro Vernotico (BR), Italy.
Vulnerable:	Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 7.0.6 Apple iOS 7.0.3 Apple iOS 7.0.2 Apple iOS 7.0.1 Apple iOS 6.3.1 Apple iOS 6.1.6 Apple iOS 6.1.4 Apple iOS 6.1.3 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 7.1.2 Apple iOS 7.1.1 Apple iOS 7.1 Apple iOS 7.0.4 Apple iOS 7 Apple iOS 6.1 Apple iOS 6.0.2 Apple iOS 6.0.1 Apple iOS 6 Beta 4 Apple iOS 6 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0

Not Vulnerable:	Apple iOS 8

Discussion

Apple iOS CVE-2014-4356 Local Information Disclosure Vulnerability

Apple iOS is prone to local information-disclosure vulnerability.

Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks.

NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.

Solution / Fix

Apple iOS CVE-2014-4356 Local Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Apple iOS CVE-2014-4356 Local Information Disclosure Vulnerability

References:

Apple iOS Homepage (Apple)
About the security content of iOS 8 (Apple)