Unrated severity · NVD Advisory · Published Apr 10, 2015 · Updated May 6, 2026

CVE-2015-1085

Description

AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Apple iOS before 8.3 allowed a crafted app to confirm passcode guesses via an unprotected interface in AppleKeyStore.

Vulnerability

CVE-2015-1085 is an entitlement checking weakness in the AppleKeyStore component of Apple iOS versions prior to 8.3. The operating system exposed a passcode-confirmation interface that lacked proper restriction, allowing a malicious application to call this interface without appropriate entitlements. The issue affects iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later running iOS versions below 8.3 [1].

Exploitation

An attacker must first install a crafted application on the target device, which requires either that the user accept the installation or that the device already be compromised to that extent. The malicious app then repeatedly calls the unrestricted passcode-confirmation interface, which lets it test guesses against the user's passcode programmatically, without any user interaction or additional permission prompts. The attacker does not need physical access to the device beyond having the app installed [1].

Impact

Successful exploitation allows the attacker to verify correct passcode guesses by observing the interface's response, dramatically increasing the feasibility of a brute-force or dictionary attack against the device passcode. This undermines the confidentiality of the device's passcode and could lead to full device compromise if the correct passcode is discovered [1].

Mitigation

Apple addressed this issue in iOS 8.3, released on April 8, 2015, by implementing improved entitlement checking that restricts access to the passcode-confirmation interface to only legitimate system processes. Users should update to iOS 8.3 or later on all affected devices. No official workaround is available for older, unsupported versions [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
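
The entitlement gate described under Mitigation can be modelled in a few lines. This is an added example, not Apple's code and not part of the advisory: the class, the entitlement string and the passcode are hypothetical, and the model holds the passcode in memory only to keep the comparison visible.

```python
import hmac
from dataclasses import dataclass
from enum import Enum

# Hypothetical entitlement name invented for this model; not an Apple identifier.
CONFIRM_ENTITLEMENT = "example.keystore.passcode-confirm"

class Reply(Enum):
    MATCH = "match"
    NO_MATCH = "no-match"
    DENIED = "denied"

@dataclass(frozen=True)
class Caller:
    name: str
    entitlements: frozenset = frozenset()

class KeyStoreModel:
    """Toy stand-in for a service that can confirm a passcode guess."""

    def __init__(self, passcode: str):
        self._passcode = passcode.encode()
        self.audit = []  # (caller name, reply) pairs, kept for review

    def _compare(self, guess: str) -> Reply:
        # Constant-time comparison so timing does not leak partial matches.
        ok = hmac.compare_digest(self._passcode, guess.encode())
        return Reply.MATCH if ok else Reply.NO_MATCH

    def confirm_unrestricted(self, caller: Caller, guess: str) -> Reply:
        # Behaviour the advisory describes before the fix: every caller
        # receives a reply that depends on whether the guess was right.
        return self._compare(guess)

    def confirm_restricted(self, caller: Caller, guess: str) -> Reply:
        # Fixed behaviour: check the entitlement before touching the
        # secret, so an unentitled caller's reply is independent of the guess.
        if CONFIRM_ENTITLEMENT not in caller.entitlements:
            reply = Reply.DENIED
        else:
            reply = self._compare(guess)
        self.audit.append((caller.name, reply))
        return reply

def leaks_to(confirm, caller: Caller, right: str, wrong: str) -> bool:
    """True if the caller can tell a right guess from a wrong one."""
    return confirm(caller, right) != confirm(caller, wrong)
```

`leaks_to` is the property worth testing in any service of this shape: for a caller without the entitlement, the reply must be identical whether or not the guess is correct.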
