The Profiles component in Apple iPhone OS 1.0 up to and including 2.2.1 and iPhone OS for iPod touch 1.1 up to and including 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate malicious users to bypass the intended policy.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple iphone_os 1.0.2 |
||
apple iphone_os 2.2 |
||
apple iphone_os 1.1.1 |
||
apple iphone_os 2.0.0 |
||
apple iphone_os 1.1.2 |
||
apple iphone_os 1.1.3 |
||
apple iphone_os 1.1.0 |
||
apple iphone_os 1.0.1 |
||
apple iphone_os 2.1 |
||
apple iphone_os 2.1.1 |
||
apple iphone_os 2.0.2 |
||
apple iphone_os 2.0.1 |
||
apple iphone_os 2.2.1 |
||
apple iphone_os 1.1.5 |
||
apple iphone_os 1.1.4 |
||
apple iphone_os 1.0.0 |
||
apple iphone_os 2.0 |
||
apple iphone_os |
||
apple ipod_touch |