CVE-2014-4356 : Apple iOS before 8 does not follow the intended configuration setting for text-m

Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

Published 2014-09-18 10:55:09

Updated 2017-08-29 01:34:58

Source Apple Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2014-4356

Apple » Iphone Os
Versions up to, including, (<=) 7.1.2
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0
cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.1
cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.2
cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.4
cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.3
cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.5
cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.6
cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.1
cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.1.1
cpe:2.3:o:apple:iphone_os:7.1.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-4356

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 24 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-4356

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-4356

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-4356

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

CVEs referencing this url
http://support.apple.com/kb/HT6441

About the security content of iOS 8 - Apple Support

CVEs referencing this url
http://www.securityfocus.com/bid/69922

Apple iOS CVE-2014-4356 Local Information Disclosure Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/96081

Apple iOS and Apple TV information disclosure CVE-2014-4356 Vulnerability Report
http://www.securitytracker.com/id/1030866

Apple iOS Multiple Bugs Let Remote Users Obtain Information and Execute Arbitrary Code andLocal Users Gain Elevated Privileges and Deny Service - SecurityTracker

CVEs referencing this url
http://www.securityfocus.com/bid/69882

RETIRED: Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-4356

Products affected by CVE-2014-4356

Exploit prediction scoring system (EPSS) score for CVE-2014-4356

CVSS scores for CVE-2014-4356

CWE ids for CVE-2014-4356

References for CVE-2014-4356