The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
Apple iOS is prone to an information-disclosure vulnerability.A local attacker can exploit this issue to retrieve the passcode which protects parental restrictions. Information obtained may aid in further attacks.The following Apple systems are vulnerable:iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,iOS 3.2 through 4.3.5 for iPadNOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it.
Vendor updates are available. Please see the references for more information.
An attacker requires local interactive access to exploit.