SimpleMDM Team Discovers iOS Certificate Security Vulnerability

Last updated March 22, 2016

Among a number of enhancements released with iOS 9.3, a security vulnerability discovered by the SimpleMDM team has also been patched.

The vulnerability CVE-2016-1766, discovered in October of last year, allowed an untrusted MDM profile to be considered as trusted. This permitted third parties to falsely identify themselves and appear as trusted by iOS. The vulnerability was rated CVSS 10, the highest vulnerability score possible based on impact and exploitability.

Upon identifying this vulnerability, we verified our service was not and would not be affected. We then followed responsible disclosure guidelines, which involves notifying appropriate parties of the issue privately and providing them time to patch the vulnerability.

Comment (1)

Leave a Reply

Your email address will not be published. Required fields are marked *

Start your 30-day free trial of SimpleMDM

Start My Free Trial
  • New MDM Features in Apple macOS 10.14, iOS & tvOS 12

    By on June 15, 2018
    Read more
  • Apple Announces New MDM Features for iOS 11.3 & macOS 10.13.4

    By on January 25, 2018
    Read more
  • Apple iOS 10.3 Brings New MDM Features

    By on February 1, 2017
    Read more

Test-Drive SimpleMDM Right Now. No Credit Card Required.

Start My Free Trial