Unencrypted Downgrade Attack in Multipeer Connectivity Component in Apple iOS
CVE-2015-5851 · LOW Severity
AV:L/AC:L/AU:N/C:P/I:N/A:N
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.
Learn more about our Cis Benchmark Audit For Apple Ios.