CVE-2015-1106 - Vulnerability Details - OpenCVE

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os

Configuration 1 [-]

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
http://www.securityfocus.com/bid/73978
http://www.securitytracker.com/id/1032050
https://support.apple.com/HT204661

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2015-04-10T14:00:00

Updated: 2024-08-06T04:33:20.300Z

Reserved: 2015-01-16T00:00:00

Link: CVE-2015-1106

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-04-10T14:59:21.857

Modified: 2024-11-21T02:24:41.107

Link: CVE-2015-1106

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-08T00:00:00", "descriptions": [{"lang": "en", "value": "The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T16:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "APPLE-SA-2015-04-08-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"}, {"name": "1032050", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032050"}, {"name": "73978", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/73978"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT204661"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2015-1106", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2015-04-08-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"}, {"name": "1032050", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032050"}, {"name": "73978", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73978"}, {"name": "https://support.apple.com/HT204661", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204661"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:33:20.300Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2015-04-08-3", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"}, {"name": "1032050", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032050"}, {"name": "73978", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/73978"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT204661"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2015-1106", "datePublished": "2015-04-10T14:00:00", "dateReserved": "2015-01-16T00:00:00", "dateUpdated": "2024-08-06T04:33:20.300Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0340315-35F7-4736-854B-852916D00673", "versionEndIncluding": "8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard."}, {"lang": "es", "value": "La caracter\u00edstica QuickType en el subsistema Keyboards en Apple iOS anterior a 8.3 permite a atacantes f\u00edsicamente pr\u00f3ximos descubrir contrase\u00f1as mediante la lectura de la pantalla de bloqueo durante el uso de un teclado Bluetooth."}], "id": "CVE-2015-1106", "lastModified": "2024-11-21T02:24:41.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-10T14:59:21.857", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/73978"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1032050"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT204661"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/73978"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT204661"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}