Sign-up

ID

VAR-201411-0560


TITLE

Apple iPhone Sandbox Security Bypass Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-08482 // BID: 71219

DESCRIPTION

The Apple iPhone is a popular smartphone device. The Apple iPhone has a sandbox security bypass vulnerability that an attacker can use to bypass the sandbox restrictions. This may aid in further attacks. Very limited information is currently available regarding this issue. We will update this BID as more information emerges

Trust: 0.81

sources: CNVD: CNVD-2014-08482 // BID: 71219

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-08482

AFFECTED PRODUCTS

vendor:applemodel:iphonescope: - version: -

Trust: 0.6

vendor:applemodel:iphonescope:eqversion:50

Trust: 0.3

sources: CNVD: CNVD-2014-08482 // BID: 71219

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-08482
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-08482
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-08482

THREAT TYPE

network

Trust: 0.3

sources: BID: 71219

TYPE

Design Error

Trust: 0.3

sources: BID: 71219

EXTERNAL IDS

db:BIDid:71219

Trust: 0.9

db:CNVDid:CNVD-2014-08482

Trust: 0.6

sources: CNVD: CNVD-2014-08482 // BID: 71219

REFERENCES

url:http://www.securityfocus.com/bid/71219

Trust: 0.6

url:http://www.securityweek.com/mobile-pwn2own-2014-iphone-5s-galaxy-s5-nexus-5-fire-phone-hacked

Trust: 0.3

url:http://h30499.www3.hp.com/t5/hp-security-research-blog/mobile-pwn2own-begins-competitors-and-targets/ba-p/6669308#.vg7qk5-od8v

Trust: 0.3

sources: CNVD: CNVD-2014-08482 // BID: 71219

CREDITS

lokihardt@ASRT

Trust: 0.3

sources: BID: 71219

SOURCES

db:CNVDid:CNVD-2014-08482
db:BIDid:71219

LAST UPDATE DATE

2022-05-17T01:41:18.554000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-08482date:2014-11-25T00:00:00
db:BIDid:71219date:2014-11-11T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-08482date:2014-11-25T00:00:00
db:BIDid:71219date:2014-11-11T00:00:00