8 matches found
PT-2026-49057
Name of the Vulnerable Software and Affected Versions Fleet affected versions not specified Description An issue in the Apple MDM commands listing endpoint allows authenticated users with the Observer role to extract sensitive data from joined database tables, such as host enrollment secrets and...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection in the Apple MDM profile delivery pipeline. An attacker can access or modify sensitive database contents, such as user credentials, API tokens, and device enrollment secrets, by sending a malicious UDID during the MDM...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the MDM bootstrap package configuration. An attacker can modify arbitrary team configurations, exfiltrate sensitive data from the database, and inject arbitrary content into team configurations by sending crafted API...
CVE-2026-34385
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...
CVE-2026-34385 Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...
CVE-2026-34385 Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...
Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info
Enterprises using Apple’s Device Enrollment Program DEP for mobile device management MDM enrollment, without adding secondary authentication, are placing themselves at risk for information exfiltration and attacks, according to researchers. MDM is a common enterprise technology offered by multipl...
Bypass iCloud/Activation Lock using XenMobile
An end user may return an iOS device to the I.T. department and does not supply their iCloud account information. After a restore, the I.T. department cannot enroll the device as the device cannot be unlocked without iCloud credentials. XenMobile can issue a 'Activation Bypass Code' as per Apple...