The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
El componente Profiles en Apple iOS en versiones anteriores a 9.3 no valida certificados correctamente, lo que permite a atacantes suplantar una relación de confianza de perfil MDM a través de vectores no especificados.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of signed MDM profiles. The issue lies in the failure to properly check the certificate chain. An attacker can leverage this vulnerability to make a MDM profile appear to be trusted.