SimpleMDM Team Discovers iOS Certificate Security Vulnerability

Last updated May 2, 2022

NOTE: Among a number of enhancements released with iOS 9.3, a security vulnerability discovered by the SimpleMDM team has also been patched.

The vulnerability CVE-2016-1766, discovered in October of last year, allowed an untrusted MDM profile to be considered as trusted. This permitted third parties to falsely identify themselves and appear as trusted by iOS. The vulnerability was rated CVSS 10, the highest vulnerability score possible based on impact and exploitability.

Upon identifying this vulnerability, we verified that our service was not and would not be affected. We then followed responsible disclosure guidelines, which involve privately notifying the appropriate parties of the issue and giving them time to patch the vulnerability.
