Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   OS (Other)  >   Apple iOS Vendors:   Apple
Apple iOS Lock Screen Flaw Lets Physically Local Users Access Photos and Contacts on the Target System
SecurityTracker Alert ID:  1033687
SecurityTracker URL:
CVE Reference:   CVE-2015-5923   (Links to External Site)
Date:  Oct 1 2015
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.0.2
Description:   A vulnerability was reported in Apple iOS. A physically local user can access data on the target system.

A physically local user can bypass the lock screen on a locked device to obtain photos and contacts on the target system.

Impact:   A physically local user can obtain photos and contacts from a locked device.
Solution:   The vendor has issued a fix (9.0.2).

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents

Subject:  APPLE-SA-2015-09-30-01 iOS 9.0.2

Hash: SHA256

APPLE-SA-2015-09-30-01 iOS 9.0.2

iOS 9.0.2 is now available and addresses the following:

Lock Screen
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A person with physical access to an iOS device may be able
to access photos and contacts from the lock screen
Description:  A lock screen issue allowed access to photos and
contacts on a locked device. This issue was addressed by restricting
options offered on a locked device.

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.0.2".

Information will also be posted to the Apple Security Updates
web site:

This message is signed with Apple's Product Security PGP key,
and details are available at:

Comment: GPGTools -



Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC