New iOS privacy vulnerability discovered

2015/12/11

#CVE-2015-7001 discovered by CYSEC researchers

Researchers of the System Security Lab at TU Darmstadt in collaboration with researchers of University Politehnica of Bucharest and North Carolina State University have identified a privacy-related security vulnerability in the recent iOS version 9. The vulnerability affects a wide range of Apple devices ranging from iPhone 4s and later, iPod touch (5th generation) and later, as well as iPad 2 and later devices. A malicious application may maintain access to Contacts even after its access has been revoked by the user. Apple acknowledged and tackled this problem for the recent iOS version 9.2 as CVE-2015-7001. CVE stands for “Common Vulnerabilities and Exposures”.