Published: 03/07/2015 Updated: 30/12/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

MobileInstallation in Apple iOS prior to 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows malicious users to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os

A third of iThings open to VPN-hijacking, app-wrecking attacks

The Register • Darren Pauli • 01 Jul 2015

Masques off: Researchers detail five ways to wreck Apple stuff

A trio of FireEye researchers have reported twin 'app-demolishing' iOS vulnerabilities Apple has partially fixed in its latest update that could wreck core apps such as the App Store and Settings. Researchers Zhaofeng Chen, Tao Wei, Hui Xue, and Yulong Zhang revealed the latest in five so-called Masque attacks that could wreck installed apps when installed over wireless enterprise provisioning. They detailed the entire family of 'app-demolishing' Masque attacks that after some five months still ...

CVE-2015-3725

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect