iOS Sandbox_profiles Vulnerability (CVE-2015-5749)

• Email
• Facebook
• 
  Twitter
• Google+
• Linkedin

  Severity: CRITICAL

  CVE Identifier: CVE-2015-5749

  Advisory Date: AUG 20, 2015

---

  DESCRIPTION

Apple addresses a vulnerability that exists in the way the iOS sandbox_profiles component handles third party apps. When abused, a malicious app may be allowed to read managed preferences of other apps' installed in the vulnerable iOS device.

  SOLUTION

  PATCH: https://support.apple.com/en-ph/HT205030

  AFFECTED SOFTWARE AND VERSION

• iOS versions prior to 8.4.1