CVE-2014-4448

medium

Description

House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

References

https://support.apple.com/kb/HT6541

https://exchange.xforce.ibmcloud.com/vulnerabilities/97664

http://www.securitytracker.com/id/1031077

http://www.securityfocus.com/bid/70661

http://www.securityfocus.com/archive/1/533747

Details

Source: Mitre, NVD

Published: 2014-10-22

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 4.6

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium