CVE-2014-4448

LOW

Description

House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

References

http://www.securityfocus.com/archive/1/533747

http://www.securityfocus.com/bid/70661

http://www.securitytracker.com/id/1031077

https://exchange.xforce.ibmcloud.com/vulnerabilities/97664

https://support.apple.com/kb/HT6541

Details

Source: MITRE

Published: 2014-10-22

Updated: 2017-08-29

Type: CWE-310

Risk Information

CVSS v2.0

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW