CoreTelephony in Apple iOS prior to 8.2 allows remote malicious users to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple iphone os |
Remote-code exec in iOS, OS X iCloud, plus FREAK fix
While everyone was losing their mind over expensive watches, Apple sneaked out security fixes for iOS phones and tablets, and OS X computers. Both the OS X Security Update 2015-002 and iOS 8.2 address critical flaws. Leading the charge is a patch to squish the FREAK bug in the two operating systems' SSL/TLS code. Disclosed last week by researchers, the flaw allows an eavesdropper to intercept connections to HTTPS websites and downgrade the strength of the encryption, allowing miscreants to crack...