PT-2026-49057
Summary: A vulnerability in Fleet's Apple MDM commands listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract sensitive values from joined database tables — including host enrollment secrets and Apple Push Notification Service (APNS) tokens — through a...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection in the Apple MDM profile delivery pipeline. An attacker can access or modify sensitive database contents, such as user credentials, API tokens, and device enrollment secrets, by sending a malicious UDID during the MDM...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the MDM bootstrap package configuration. An attacker can modify arbitrary team configurations, exfiltrate sensitive data from the database, and inject arbitrary content into team configurations by sending crafted API...
CVE-2026-34385
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...
CVE-2026-34385 Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...
Weakness in Apple MDM Tool Allows Access to Sensitive Corporate Info
Enterprises using Apple’s Device Enrollment Program (DEP) for mobile device management (MDM) enrollment, without adding secondary authentication, are placing themselves at risk for information exfiltration and attacks, according to researchers. MDM is a common enterprise technology offered by multipl...
Bypass iCloud/Activation Lock using XenMobile
An end user may return an iOS device to the I.T. department without supplying their iCloud account information. After a restore, the I.T. department cannot enroll the device, as the device cannot be unlocked without iCloud credentials. XenMobile can issue an 'Activation Bypass Code' as per Apple...