Vulnerability Description
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
CVSS Score
1.9
LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | <= 8.0.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/533747
- http://www.securityfocus.com/bid/70661
- http://www.securitytracker.com/id/1031077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97664
- https://support.apple.com/kb/HT6541Vendor Advisory
- http://www.securityfocus.com/archive/1/533747
- http://www.securityfocus.com/bid/70661
- http://www.securitytracker.com/id/1031077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97664
- https://support.apple.com/kb/HT6541Vendor Advisory
FAQ
What is CVE-2014-4448?
CVE-2014-4448 is a vulnerability with a CVSS score of 1.9 (LOW). House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents direct...
How severe is CVE-2014-4448?
CVE-2014-4448 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4448?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.