Apple iOS CVE-2014-4352 Local Information Disclosure Security Vulnerability

Bugtraq ID:	69932
Class:	Design Error
CVE:	CVE-2014-4352
Remote:	No
Local:	Yes
Published:	Sep 17 2014 12:00AM
Updated:	Sep 17 2014 12:00AM
Credit:	Jonathan Zdziarski
Vulnerable:	Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 7.0.6 Apple iOS 7.0.3 Apple iOS 7.0.2 Apple iOS 7.0.1 Apple iOS 6.3.1 Apple iOS 6.1.6 Apple iOS 6.1.4 Apple iOS 6.1.3 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 7.1.2 Apple iOS 7.1.1 Apple iOS 7.1 Apple iOS 7.0.4 Apple iOS 7 Apple iOS 6.1 Apple iOS 6.0.2 Apple iOS 6.0.1 Apple iOS 6 for Developer Apple iOS 6 Beta 4 Apple iOS 6 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 beta Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0
Not Vulnerable:	Apple iOS 8

Apple iOS CVE-2014-4352 Local Information Disclosure Security Vulnerability

Apple iOS is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information. This may aid in further attacks.

NOTE: This issue was previously discussed in BID 69882 (Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities) but has been given its own record to better document it.

Apple iOS CVE-2014-4352 Local Information Disclosure Security Vulnerability

An attacker with physical access to the device can exploit this issue.

Apple iOS CVE-2014-4352 Local Information Disclosure Security Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.