Threat:
Exposure of sensitive information contained in displayed push notifications or OS dialogs that display even when the device is locked.
Threat Origin:
"About the security content of iOS 10.3"
Exploit Example:
CVE Example:
CVE-2017-2397
CVE-2017-2399
CVE-2017-2452
Possible Countermeasures:
To reduce the probability that sensitive information is displayed on the lock screen, users should use OS settings to disable display of notifications for apps that may process sensitive data.
Enterprises can use EMM technology to enforce compliance with a mobile security policy that would restrict usage of push notifications or similar OS features.
New Threat
Threat ID AUT-1
Threat Category: Authentication / User to Device