CVE-2015-3725

Vulnerability

MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, allowing a malicious universal provisioning profile app to cause ID collisions. This issue affects iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later running iOS versions prior to 8.4 [1].

Exploitation

An attacker must craft a malicious universal provisioning profile app that deliberately creates a bundle ID colliding with an existing Watch app's bundle ID. The attacker then needs to distribute this app through the App Store (or via enterprise provisioning) and have the user install it. No special network position or additional authentication is required beyond standard app installation [1].

Impact

Successful exploitation results in a denial of service: the collision causes Watch launch outage, preventing legitimate Watch apps from launching. The attacker does not gain code execution or data access, but the affected device owner cannot use Watch-related functionality [1].

Mitigation

Apple addressed the issue in iOS 8.4, released on June 30, 2015 [1]. Users should update to iOS 8.4 or later via device settings or iTunes. No workaround exists for unpatched devices [1].