ID

VAR-201510-0233


CVE

CVE-2015-5923


TITLE

Apple iOS vulnerability that allows reading of user contact data

Trust: 0.8

sources: JVNDB: JVNDB-2015-005169

DESCRIPTION

Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. Apple iOS is prone to a local security-bypass vulnerability. Attackers with physical access to the device can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed by Apple for mobile devices. The vulnerability is caused by the program not properly restricting the options available in the lock screen state.

APPLE-SA-2015-09-30-01 iOS 9.0.2

iOS 9.0.2 is now available and addresses the following:

Lock Screen
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able to access photos and contacts from the lock screen
Description: A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.
CVE-ID
CVE-2015-5923

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "9.0.2".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.07

sources: NVD: CVE-2015-5923 // JVNDB: JVNDB-2015-005169 // BID: 76821 // VULHUB: VHN-83884 // PACKETSTORM: 133801

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lte, version: 9.0.1

Trust: 1.0

vendor: apple, model: ios, scope: lt, version: 9.0.2 (ipad 2 or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 9.0.2 (iphone 4s or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 9.0.2 (ipod touch 5th generation or later)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 9.0.1

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 0

Trust: 0.3

sources: BID: 76821 // JVNDB: JVNDB-2015-005169 // CNNVD: CNNVD-201510-121 // NVD: CVE-2015-5923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5923
value: LOW

Trust: 1.0

NVD: CVE-2015-5923
value: LOW

Trust: 0.8

CNNVD: CNNVD-201510-121
value: LOW

Trust: 0.6

VULHUB: VHN-83884
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-5923
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-83884
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83884 // JVNDB: JVNDB-2015-005169 // CNNVD: CNNVD-201510-121 // NVD: CVE-2015-5923

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-83884 // JVNDB: JVNDB-2015-005169 // NVD: CVE-2015-5923

THREAT TYPE

local

Trust: 0.9

sources: BID: 76821 // CNNVD: CNNVD-201510-121

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-121

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005169

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-83884

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2015-09-30-01 iOS 9.0.2, url: http://lists.apple.com/archives/security-announce/2015/Sep/msg00006.html

Trust: 0.8

title: HT205284, url: https://support.apple.com/en-us/HT205284

Trust: 0.8

title: HT205284, url: http://support.apple.com/ja-jp/HT205284

Trust: 0.8

sources: JVNDB: JVNDB-2015-005169

EXTERNAL IDS

db: NVD, id: CVE-2015-5923

Trust: 2.9

db: SECTRACK, id: 1033687

Trust: 1.1

db: JVN, id: JVNVU97220341

Trust: 0.8

db: JVNDB, id: JVNDB-2015-005169

Trust: 0.8

db: CNNVD, id: CNNVD-201510-121

Trust: 0.7

db: BID, id: 76821

Trust: 0.4

db: PACKETSTORM, id: 133801

Trust: 0.2

db: VULHUB, id: VHN-83884

Trust: 0.1

sources: VULHUB: VHN-83884 // BID: 76821 // JVNDB: JVNDB-2015-005169 // PACKETSTORM: 133801 // CNNVD: CNNVD-201510-121 // NVD: CVE-2015-5923

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00006.html

Trust: 1.7

url:https://support.apple.com/ht205284

Trust: 1.7

url:http://www.securitytracker.com/id/1033687

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5923

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5923

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5923

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

sources: VULHUB: VHN-83884 // BID: 76821 // JVNDB: JVNDB-2015-005169 // PACKETSTORM: 133801 // CNNVD: CNNVD-201510-121 // NVD: CVE-2015-5923

CREDITS

Anonymous

Trust: 0.3

sources: BID: 76821

SOURCES

db: VULHUB, id: VHN-83884
db: BID, id: 76821
db: JVNDB, id: JVNDB-2015-005169
db: PACKETSTORM, id: 133801
db: CNNVD, id: CNNVD-201510-121
db: NVD, id: CVE-2015-5923

LAST UPDATE DATE

2025-04-13T20:07:06.516000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-83884, date: 2016-12-08T00:00:00
db: BID, id: 76821, date: 2015-10-26T16:51:00
db: JVNDB, id: JVNDB-2015-005169, date: 2015-10-13T00:00:00
db: CNNVD, id: CNNVD-201510-121, date: 2015-10-10T00:00:00
db: NVD, id: CVE-2015-5923, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-83884, date: 2015-10-09T00:00:00
db: BID, id: 76821, date: 2015-09-22T00:00:00
db: JVNDB, id: JVNDB-2015-005169, date: 2015-10-13T00:00:00
db: PACKETSTORM, id: 133801, date: 2015-10-01T16:14:58
db: CNNVD, id: CNNVD-201510-121, date: 2015-10-10T00:00:00
db: NVD, id: CVE-2015-5923, date: 2015-10-09T05:59:39.657