VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 23, 2020· Updated Sep 17, 2024

CVE-2019-4735

CVE-2019-4735

Description

IBM MaaS360 for iOS versions 3.96.62 and prior on iOS 13+ allow an attacker with physical access to obtain sensitive information from the agent outside its container.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM MaaS360 for iOS versions 3.96.62 and prior on iOS 13+ allow an attacker with physical access to obtain sensitive information from the agent outside its container.

Vulnerability

IBM MaaS360 for iOS versions 3.96.62 and prior, when running on iOS 13 or greater, contain a vulnerability that allows an attacker with physical access to the device to obtain sensitive information from the agent outside of its container. The issue is specific to the iOS application and requires the device to be running iOS 13 or later. [1]

Exploitation

An attacker must have physical access to the device. No authentication or user interaction is required beyond the physical possession. The attacker can access sensitive information stored by the MaaS360 agent that is normally protected within the application container, due to a container boundary weakness on iOS 13+. [1]

Impact

Successful exploitation leads to disclosure of sensitive information from the MaaS360 agent. The confidentiality impact is low, as per CVSS 2.4, and there is no impact on integrity or availability. The attacker gains access to data that should be isolated within the agent's container. [1]

Mitigation

IBM has released version 3.96.70 of the MaaS360 iOS Mobile App to remediate this vulnerability. Users should update to version 3.96.70 or greater. No workarounds are available. The vulnerability is not listed on the CISA KEV as of the publication date. [1]

References
  1. Security Bulletin: MaaS360 has identified a vulnerability in the MaaS360 iOS Application. (CVE-2019-4735)

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • IBM/Maas360 Dtmllm-fuzzy2 versions
    = 3.96.62+ 1 more
    • (no CPE)range: = 3.96.62
    • (no CPE)range: 3.96.62

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.