Quicksand Vulnerability

August 20, 2015

A vulnerability was recently discovered in the Sandbox_profiles component included in versions of Apple iOS before 8.4.1. The vulnerability, dubbed Quicksand, enables an attacker to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. This vulnerability affects only those customers who use MobiControl to distribute apps that use the "Managed App Configuration" setting to configure and store private settings and information.

This vulnerability has been patched in iOS 8.4.1 issued on August 13, 2015. More information about this vulnerability can be found here and here.

Information about the security content of iOS 8.4.1 can be found here.

Customers should ensure that all iOS devices managed by MobiControl are upgraded to iOS 8.4.1.