CVE-2015-3756
Description
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
iOS before 8.4.1 allows physically proximate attackers to establish arbitrary certificate trust via the lock screen Certificate UI.
Vulnerability
The Certificate UI in Apple iOS before 8.4.1 does not block X.509 certificate acceptance when the device is locked. This allows a physically proximate attacker to interact with the certificate dialog on the lock screen. Affected versions: iOS prior to 8.4.1 on iPhone 4s and later, iPod touch (5th gen) and later, iPad 2 and later. [1]
Exploitation
An attacker with physical proximity to a locked iOS device can trigger a certificate trust dialog (e.g., by attempting to connect to a malicious server) and complete the dialog to accept a certificate, bypassing the lock screen authentication.
Impact
Successful exploitation allows the attacker to establish arbitrary certificate trust relationships, potentially enabling man-in-the-middle attacks to intercept encrypted communications.
Mitigation
Apple fixed this issue in iOS 8.4.1, released on August 13, 2015. Users should update to iOS 8.4.1 or later. [1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <8.4.1
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2015/Aug/msg00002.html (nvd, Vendor Advisory)
- support.apple.com/kb/HT205030 (nvd, Vendor Advisory)
- www.securityfocus.com/bid/76337 (nvd)
- www.securitytracker.com/id/1033275 (nvd)