Unencrypted Downgrade Attack in Multipeer Connectivity Component in Apple iOS

Unencrypted Downgrade Attack in Multipeer Connectivity Component in Apple iOS

CVE-2015-5851 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.

Learn more about our Cis Benchmark Audit For Apple Ios.