cvelistv5 - CVE-2015-7051

CVE-2015-7051 (GCVE-0-2015-7051)

Vulnerability from cvelistv5 – Published: 2015-12-11 11:00 – Updated: 2024-08-06 07:36

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	https://support.apple.com/HT205635	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034348	vdb-entryx_refsource_SECTRACK
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://support.apple.com/HT205640	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:36:35.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205635"
          },
          {
            "name": "1034348",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034348"
          },
          {
            "name": "APPLE-SA-2015-12-08-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205640"
          },
          {
            "name": "APPLE-SA-2015-12-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T20:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205635"
        },
        {
          "name": "1034348",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034348"
        },
        {
          "name": "APPLE-SA-2015-12-08-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205640"
        },
        {
          "name": "APPLE-SA-2015-12-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-7051",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT205635",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205635"
            },
            {
              "name": "1034348",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034348"
            },
            {
              "name": "APPLE-SA-2015-12-08-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
            },
            {
              "name": "https://support.apple.com/HT205640",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205640"
            },
            {
              "name": "APPLE-SA-2015-12-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2015-7051",
    "datePublished": "2015-12-11T11:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:36:35.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.1\", \"matchCriteriaId\": \"04EA4C73-EC97-4FC8-9AA5-D9B4A3EA869C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.0\", \"matchCriteriaId\": \"68F69582-69E2-4173-B418-26F6E63DF502\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app.\"}, {\"lang\": \"es\", \"value\": \"MobileStorageMounter en Apple iOS en versiones anteriores a 9.2 y tvOS en versiones anteriores a 9.1 no maneja adecuadamente el tiempo de carga de la cach\\u00e9 de confianza, lo que permite a atacantes ejecutar c\\u00f3digo arbitrario en un contexto privilegiado a trav\\u00e9s de una aplicaci\\u00f3n manipulada.\"}]",
      "id": "CVE-2015-7051",
      "lastModified": "2024-11-21T02:36:07.677",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-12-11T11:59:17.427",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034348\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT205635\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT205640\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034348\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT205635\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT205640\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-7051\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2015-12-11T11:59:17.427\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app.\"},{\"lang\":\"es\",\"value\":\"MobileStorageMounter en Apple iOS en versiones anteriores a 9.2 y tvOS en versiones anteriores a 9.1 no maneja adecuadamente el tiempo de carga de la cach\u00e9 de confianza, lo que permite a atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado a trav\u00e9s de una aplicaci\u00f3n manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.1\",\"matchCriteriaId\":\"04EA4C73-EC97-4FC8-9AA5-D9B4A3EA869C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.0\",\"matchCriteriaId\":\"68F69582-69E2-4173-B418-26F6E63DF502\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034348\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT205635\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205640\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-201512-0150

Vulnerability from variot - Updated: 2023-12-18 11:35

MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS and tvOS are prone to multiple arbitrary code-execution vulnerabilities. An attacker can leverage these issues to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions. This issue is fixed in: Apple iOS 9.2 Apple tvOS 9.1. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. MobileStorageMounter is one of the mobile storage mount components. The vulnerability is caused by the program not loading trust-cache correctly. Description: An issue existed in how Keychain Access interacted with Keychain Agent. CVE-ID CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks

Installation note:

Apple TV will periodically check for software updates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2015-12-08-1 iOS 9.2

iOS 9.2 is now available and addresses the following:

AppleMobileFileIntegrity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An access control issue was addressed by preventing modification of access control structures. CVE-ID CVE-2015-7055 : Apple

AppSandbox Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may maintain access to Contacts after having access revoked Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox. CVE-ID CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt

CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to bypass HSTS Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and Muneaki Nishimura (nishimunea)

Compression Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams. CVE-ID CVE-2015-7054 : j00ru

CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team

CoreMedia Playback Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of malformed media files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7074 : Apple CVE-2015-7075

dyld Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple segment validation issues existed in dyld. These were addressed through improved environment sanitization. CVE-ID CVE-2015-7072 : Apple CVE-2015-7079 : PanguTeam

GPUTools Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple path validation issues existed in Mobile Replayer. These were addressed through improved environment sanitization. CVE-ID CVE-2015-7069 : Luca Todesco (@qwertyoruiop) CVE-2015-7070 : Luca Todesco (@qwertyoruiop)

iBooks Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: An XML external entity reference issue existed with iBook parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)

ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7053 : Apple

IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily API. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7111 : beist and ABH of BoB CVE-2015-7112 : Ian Beer of Google Project Zero

IOKit SCSI Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation. CVE-ID CVE-2015-7068 : Ian Beer of Google Project Zero

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-ID CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7043 : Tarjei Mandt (@kernelpool)

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7083 : Ian Beer of Google Project Zero CVE-2015-7084 : Ian Beer of Google Project Zero

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages. CVE-ID CVE-2015-7047 : Ian Beer of Google Project Zero

LaunchServices Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7113 : Olivier Goguel of Free Tools Association

libarchive Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling. CVE-ID CVE-2011-2895 : @practicalswift

libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7038 CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)

libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological University

MobileStorageMounter Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A timing issue existed in loading of the trust cache. This issue was resolved by validating the system environment before loading the trust cache. CVE-ID CVE-2015-7051 : PanguTeam

OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7064 : Apple CVE-2015-7065 : Apple CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks

Photos Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to use the backup system to access restricted areas of the file system Description: A path validation issue existed in Mobile Backup. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7037 : PanguTeam

QuickLook Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7107

Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue may have allowed a website to display content with a URL from a different website. This issue was addressed through improved URL handling. CVE-ID CVE-2015-7093 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)

Sandbox Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7046 : Apple

Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.

Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may gain access to a user's Keychain items Description: An issue existed in the validation of access control lists for keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-7058

Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: When a request was made to Siri, client side restrictions were not being checked by the server. This issue was addressed through improved restriction checking. CVE-ID CVE-2015-7080 : Or Safran (www.linkedin.com/profile/view?id=33912591)

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7048 : Apple CVE-2015-7095 : Apple CVE-2015-7096 : Apple CVE-2015-7097 : Apple CVE-2015-7098 : Apple CVE-2015-7099 : Apple CVE-2015-7100 : Apple CVE-2015-7101 : Apple CVE-2015-7102 : Apple CVE-2015-7103 : Apple

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: An insufficient input validation issue existed in content blocking. This issue was addressed through improved content extension parsing. CVE-ID CVE-2015-7050 : Luke Li and Jonathan Metzman

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "9.2".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWZzRMAAoJEBcWfLTuOo7tEKgQAJ9/T6vHx0rQLQBU32SytoMV qnU9gXfhENP6nWOb0r8Lz8h+xpH3TfqyFUdqLDZtkfZVYtgt4YZ7J1trLPgKXrl1 0tZqAl+iDqMnroawUK+TsWyNZcsrOnSxy1so83CDZkeG1vmt4OIFZ6NHNzTQDnXx +f13C5vHnsd2JryQ9pWGazpj4F1oi7J8B3I5F0AOzvq9kGOzwg35h1GYFYeU59J9 YHpLwDlCjD3rJojG0lIedC0HMqSHK++OxoAMQaLTzzI6qWfoZw9j1/kXlEQ8g/yK jOp9SceJJ2iBti7p7ID5fyF3zTK10zggfsq3jXwJKWdt84JobhnERiTHGBdzEEWq bip6UHKB36daTnAhA72GHn8hzc0c5JC9tQgWzwEpxEBEW/9iF99iY+q87rYxVt1J FyyCJpgSWJsEE9dA09P6+CY4xBGYFf+uOJIBnctJm+ofg8IM/VNaDffLLQ0OCYAs FgW258wuEn0ztV0sA4wX5rOiEa9rRHDFG6zn/zuyYmfR3fYa7xGVuBA5yp/EY0l1 zLWZrdgIBL21luETby773BFCwXMrg0+fchGLXS0TxSq6NVBtfqpRTFI/X24kjp79 X6gU4R4t3G5YoDXgKYLUcR3TT+I4x70dMu9oVK4tmaQmeA6n0pZwM3DVqywsPuYL /ohF4zrwzeJ8a/8oKLfe =Rjch -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0150",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "tvos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.2   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.2   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.2   (ipod touch first  5 after generation )"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1   (apple tv first  4 generation )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tvos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78728"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006311"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-340"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7051"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple and PanguTeam",
    "sources": [
      {
        "db": "BID",
        "id": "78728"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-7051",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2015-7051",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-85012",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7051",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-340",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85012",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006311"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-340"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS and tvOS are prone to multiple arbitrary code-execution  vulnerabilities. \nAn attacker can leverage these issues to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions. \nThis issue is fixed in:\nApple iOS 9.2\nApple tvOS 9.1. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. MobileStorageMounter is one of the mobile storage mount components. The vulnerability is caused by the program not loading trust-cache correctly. \nDescription:  An issue existed in how Keychain Access interacted with\nKeychain Agent. \nCVE-ID\nCVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nInstallation note:\n\nApple TV will periodically check for software updates. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2015-12-08-1 iOS 9.2\n\niOS 9.2 is now available and addresses the following:\n\nAppleMobileFileIntegrity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An access control issue was addressed by preventing\nmodification of access control structures. \nCVE-ID\nCVE-2015-7055 : Apple\n\nAppSandbox\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may maintain access to Contacts\nafter having access revoked\nDescription:  An issue existed in the sandbox\u0027s handling of hard\nlinks. This issue was addressed through improved hardening of the app\nsandbox. \nCVE-ID\nCVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University\nPOLITEHNICA of Bucharest; Luke Deshotels and William Enck of North\nCarolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi\nof TU Darmstadt\n\nCFNetwork HTTPProtocol\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may be able\nto bypass HSTS\nDescription:  An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and\nMuneaki Nishimura (nishimunea)\n\nCompression\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  An uninitialized memory access issue existed in zlib. \nThis issue was addressed through improved memory initialization and\nadditional validation of zlib streams. \nCVE-ID\nCVE-2015-7054 : j00ru\n\nCoreGraphics\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team\n\nCoreMedia Playback\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of malformed media files. These issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-7074 : Apple\nCVE-2015-7075\n\ndyld\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple segment validation issues existed in dyld. \nThese were addressed through improved environment sanitization. \nCVE-ID\nCVE-2015-7072 : Apple\nCVE-2015-7079 : PanguTeam\n\nGPUTools Framework\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple path validation issues existed in Mobile\nReplayer. These were addressed through improved environment\nsanitization. \nCVE-ID\nCVE-2015-7069 : Luca Todesco (@qwertyoruiop)\nCVE-2015-7070 : Luca Todesco (@qwertyoruiop)\n\niBooks\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Parsing a maliciously crafted iBooks file may lead to\ndisclosure of user information\nDescription:  An XML external entity reference issue existed with\niBook parsing. This issue was addressed through improved parsing. \nCVE-ID\nCVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach\n(@ITSecurityguard)\n\nImageIO\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in ImageIO. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-7053 : Apple\n\nIOHIDFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple memory corruption issues existed in\nIOHIDFamily API. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7111 : beist and ABH of BoB\nCVE-2015-7112 : Ian Beer of Google Project Zero\n\nIOKit SCSI\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  A null pointer dereference existed in the handling of a\ncertain userclient type. This issue was addressed through improved\nvalidation. \nCVE-ID\nCVE-2015-7068 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local application may be able to cause a denial of service\nDescription:  Multiple denial of service issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7043 : Tarjei Mandt (@kernelpool)\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nkernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-7083 : Ian Beer of Google Project Zero\nCVE-2015-7084 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  An issue existed in the parsing of mach messages. This\nissue was addressed through improved validation of mach messages. \nCVE-ID\nCVE-2015-7047 : Ian Beer of Google Project Zero\n\nLaunchServices\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the processing of\nmalformed plists. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7113 : Olivier Goguel of Free Tools Association\n\nlibarchive\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in the processing of\narchives. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2011-2895 : @practicalswift\n\nlibc\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted package may lead to\narbitrary code execution\nDescription:  Multiple buffer overflows existed in the C standard\nlibrary. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-7038\nCVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)\n\nlibxml2\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  A memory corruption issue existed in the parsing of XML\nfiles. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\n\nMobileStorageMounter\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A timing issue existed in loading of the trust cache. \nThis issue was resolved by validating the system environment before\nloading the trust cache. \nCVE-ID\nCVE-2015-7051 : PanguTeam\n\nOpenGL\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in OpenGL. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-7064 : Apple\nCVE-2015-7065 : Apple\nCVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nPhotos\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to use the backup system to access\nrestricted areas of the file system\nDescription:  A path validation issue existed in Mobile Backup. This\nwas addressed through improved environment sanitization. \nCVE-ID\nCVE-2015-7037 : PanguTeam\n\nQuickLook\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7107\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  An issue may have allowed a website to display content\nwith a URL from a different website. This issue was addressed through\nimproved URL handling. \nCVE-ID\nCVE-2015-7093 : xisigr of Tencent\u0027s Xuanwu LAB (www.tencent.com)\n\nSandbox\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application with root privileges may be able to\nbypass kernel address space layout randomization\nDescription:  An insufficient privilege separation issue existed in\nxnu. This issue was addressed by improved authorization checks. \nCVE-ID\nCVE-2015-7046 : Apple\n\nSecurity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription:  A memory corruption issue existed in handling SSL\nhandshakes. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7073 : Benoit Foucher of ZeroC, Inc. \n\nSecurity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may gain access to a user\u0027s Keychain\nitems\nDescription:  An issue existed in the validation of access control\nlists for keychain items. This issue was addressed through improved\naccess control list checks. \nCVE-ID\nCVE-2015-7058\n\nSiri\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to an iOS device may be able\nto use Siri to read notifications of content that is set not to be\ndisplayed at the lock screen\nDescription:  When a request was made to Siri, client side\nrestrictions were not being checked by the server. This issue was\naddressed through improved restriction checking. \nCVE-ID\nCVE-2015-7080 : Or Safran (www.linkedin.com/profile/view?id=33912591)\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-7048 : Apple\nCVE-2015-7095 : Apple\nCVE-2015-7096 : Apple\nCVE-2015-7097 : Apple\nCVE-2015-7098 : Apple\nCVE-2015-7099 : Apple\nCVE-2015-7100 : Apple\nCVE-2015-7101 : Apple\nCVE-2015-7102 : Apple\nCVE-2015-7103 : Apple\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may reveal a user\u0027s\nbrowsing history\nDescription:  An insufficient input validation issue existed in\ncontent blocking. This issue was addressed through improved content\nextension parsing. \nCVE-ID\nCVE-2015-7050 : Luke Li and Jonathan Metzman\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9.2\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJWZzRMAAoJEBcWfLTuOo7tEKgQAJ9/T6vHx0rQLQBU32SytoMV\nqnU9gXfhENP6nWOb0r8Lz8h+xpH3TfqyFUdqLDZtkfZVYtgt4YZ7J1trLPgKXrl1\n0tZqAl+iDqMnroawUK+TsWyNZcsrOnSxy1so83CDZkeG1vmt4OIFZ6NHNzTQDnXx\n+f13C5vHnsd2JryQ9pWGazpj4F1oi7J8B3I5F0AOzvq9kGOzwg35h1GYFYeU59J9\nYHpLwDlCjD3rJojG0lIedC0HMqSHK++OxoAMQaLTzzI6qWfoZw9j1/kXlEQ8g/yK\njOp9SceJJ2iBti7p7ID5fyF3zTK10zggfsq3jXwJKWdt84JobhnERiTHGBdzEEWq\nbip6UHKB36daTnAhA72GHn8hzc0c5JC9tQgWzwEpxEBEW/9iF99iY+q87rYxVt1J\nFyyCJpgSWJsEE9dA09P6+CY4xBGYFf+uOJIBnctJm+ofg8IM/VNaDffLLQ0OCYAs\nFgW258wuEn0ztV0sA4wX5rOiEa9rRHDFG6zn/zuyYmfR3fYa7xGVuBA5yp/EY0l1\nzLWZrdgIBL21luETby773BFCwXMrg0+fchGLXS0TxSq6NVBtfqpRTFI/X24kjp79\nX6gU4R4t3G5YoDXgKYLUcR3TT+I4x70dMu9oVK4tmaQmeA6n0pZwM3DVqywsPuYL\n/ohF4zrwzeJ8a/8oKLfe\n=Rjch\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006311"
      },
      {
        "db": "BID",
        "id": "78728"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85012"
      },
      {
        "db": "PACKETSTORM",
        "id": "134749"
      },
      {
        "db": "PACKETSTORM",
        "id": "134745"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7051",
        "trust": 3.0
      },
      {
        "db": "SECTRACK",
        "id": "1034348",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU97526033",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006311",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-340",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "78728",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-85012",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134749",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134745",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85012"
      },
      {
        "db": "BID",
        "id": "78728"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006311"
      },
      {
        "db": "PACKETSTORM",
        "id": "134749"
      },
      {
        "db": "PACKETSTORM",
        "id": "134745"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-340"
      }
    ]
  },
  "id": "VAR-201512-0150",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85012"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:35:47.039000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2015-12-08-2 tvOS 9.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00001.html"
      },
      {
        "title": "APPLE-SA-2015-12-08-1 iOS 9.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00000.html"
      },
      {
        "title": "HT205635",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205635"
      },
      {
        "title": "HT205640",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205640"
      },
      {
        "title": "HT205635",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205635"
      },
      {
        "title": "HT205640",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205640"
      },
      {
        "title": "Apple iOS  and tvOS MobileStorageMounter Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59158"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006311"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-340"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006311"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7051"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205635"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205640"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034348"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7051"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97526033/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7051"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/appletv/features.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/accessibility/tvos/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3807"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7064"
      },
      {
        "trust": 0.2,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7055"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7048"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7047"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7046"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7068"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7043"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7058"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7053"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7042"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2895"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7001"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7039"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7072"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7040"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7054"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7051"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7065"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7041"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7073"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7038"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7066"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7045"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7060"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7059"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7062"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7061"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7050"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7070"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7037"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7069"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7074"
      },
      {
        "trust": 0.1,
        "url": "https://www.linkedin.com/profile/view?id=33912591)"
      },
      {
        "trust": 0.1,
        "url": "https://www.tencent.com)"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85012"
      },
      {
        "db": "BID",
        "id": "78728"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006311"
      },
      {
        "db": "PACKETSTORM",
        "id": "134749"
      },
      {
        "db": "PACKETSTORM",
        "id": "134745"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-340"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85012"
      },
      {
        "db": "BID",
        "id": "78728"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006311"
      },
      {
        "db": "PACKETSTORM",
        "id": "134749"
      },
      {
        "db": "PACKETSTORM",
        "id": "134745"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-340"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85012"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "BID",
        "id": "78728"
      },
      {
        "date": "2015-12-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006311"
      },
      {
        "date": "2015-12-10T17:18:31",
        "db": "PACKETSTORM",
        "id": "134749"
      },
      {
        "date": "2015-12-10T17:02:06",
        "db": "PACKETSTORM",
        "id": "134745"
      },
      {
        "date": "2015-12-11T11:59:17.427000",
        "db": "NVD",
        "id": "CVE-2015-7051"
      },
      {
        "date": "2015-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-340"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85012"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "BID",
        "id": "78728"
      },
      {
        "date": "2015-12-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006311"
      },
      {
        "date": "2019-03-08T16:06:36.827000",
        "db": "NVD",
        "id": "CVE-2015-7051"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-340"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-340"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS and  tvOS of  MobileStorageMounter Vulnerable to arbitrary code execution in a privileged context",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006311"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-340"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2015-AVI-532

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple iOS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iOS versions antérieures à 9.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205635 du 08 décembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple iOS versions ant\u00e9rieures \u00e0 9.2\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7001"
    },
    {
      "name": "CVE-2015-7075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7075"
    },
    {
      "name": "CVE-2015-7113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7113"
    },
    {
      "name": "CVE-2015-7073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7073"
    },
    {
      "name": "CVE-2015-7069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7069"
    },
    {
      "name": "CVE-2015-7094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7094"
    },
    {
      "name": "CVE-2015-7107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7107"
    },
    {
      "name": "CVE-2015-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7039"
    },
    {
      "name": "CVE-2015-7074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7074"
    },
    {
      "name": "CVE-2015-7098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7098"
    },
    {
      "name": "CVE-2015-7068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7068"
    },
    {
      "name": "CVE-2015-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3807"
    },
    {
      "name": "CVE-2015-7058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7058"
    },
    {
      "name": "CVE-2015-7043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7043"
    },
    {
      "name": "CVE-2015-7066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7066"
    },
    {
      "name": "CVE-2015-7042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7042"
    },
    {
      "name": "CVE-2015-7070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7070"
    },
    {
      "name": "CVE-2015-7097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7097"
    },
    {
      "name": "CVE-2015-7072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7072"
    },
    {
      "name": "CVE-2015-7105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7105"
    },
    {
      "name": "CVE-2015-7050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7050"
    },
    {
      "name": "CVE-2015-7079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7079"
    },
    {
      "name": "CVE-2015-7081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7081"
    },
    {
      "name": "CVE-2015-7038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7038"
    },
    {
      "name": "CVE-2015-7102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7102"
    },
    {
      "name": "CVE-2015-7096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7096"
    },
    {
      "name": "CVE-2015-7048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7048"
    },
    {
      "name": "CVE-2015-7100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7100"
    },
    {
      "name": "CVE-2015-7053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7053"
    },
    {
      "name": "CVE-2015-7046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7046"
    },
    {
      "name": "CVE-2015-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7064"
    },
    {
      "name": "CVE-2015-7083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7083"
    },
    {
      "name": "CVE-2015-7095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7095"
    },
    {
      "name": "CVE-2015-7103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7103"
    },
    {
      "name": "CVE-2015-7084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7084"
    },
    {
      "name": "CVE-2015-7112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7112"
    },
    {
      "name": "CVE-2015-7099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7099"
    },
    {
      "name": "CVE-2015-7037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7037"
    },
    {
      "name": "CVE-2015-7093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7093"
    },
    {
      "name": "CVE-2015-7041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7041"
    },
    {
      "name": "CVE-2015-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7055"
    },
    {
      "name": "CVE-2015-7054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7054"
    },
    {
      "name": "CVE-2011-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
    },
    {
      "name": "CVE-2015-7111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7111"
    },
    {
      "name": "CVE-2015-7051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7051"
    },
    {
      "name": "CVE-2015-7047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7047"
    },
    {
      "name": "CVE-2015-7065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7065"
    },
    {
      "name": "CVE-2015-7080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7080"
    },
    {
      "name": "CVE-2015-7101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7101"
    },
    {
      "name": "CVE-2015-7040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7040"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-532",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205635 du 08 d\u00e9cembre 2015",
      "url": "https://support.apple.com/en-us/HT205635"
    }
  ]
}

CERTFR-2015-AVI-532

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iOS versions antérieures à 9.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205635 du 08 décembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple iOS versions ant\u00e9rieures \u00e0 9.2\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7001"
    },
    {
      "name": "CVE-2015-7075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7075"
    },
    {
      "name": "CVE-2015-7113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7113"
    },
    {
      "name": "CVE-2015-7073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7073"
    },
    {
      "name": "CVE-2015-7069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7069"
    },
    {
      "name": "CVE-2015-7094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7094"
    },
    {
      "name": "CVE-2015-7107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7107"
    },
    {
      "name": "CVE-2015-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7039"
    },
    {
      "name": "CVE-2015-7074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7074"
    },
    {
      "name": "CVE-2015-7098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7098"
    },
    {
      "name": "CVE-2015-7068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7068"
    },
    {
      "name": "CVE-2015-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3807"
    },
    {
      "name": "CVE-2015-7058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7058"
    },
    {
      "name": "CVE-2015-7043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7043"
    },
    {
      "name": "CVE-2015-7066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7066"
    },
    {
      "name": "CVE-2015-7042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7042"
    },
    {
      "name": "CVE-2015-7070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7070"
    },
    {
      "name": "CVE-2015-7097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7097"
    },
    {
      "name": "CVE-2015-7072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7072"
    },
    {
      "name": "CVE-2015-7105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7105"
    },
    {
      "name": "CVE-2015-7050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7050"
    },
    {
      "name": "CVE-2015-7079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7079"
    },
    {
      "name": "CVE-2015-7081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7081"
    },
    {
      "name": "CVE-2015-7038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7038"
    },
    {
      "name": "CVE-2015-7102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7102"
    },
    {
      "name": "CVE-2015-7096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7096"
    },
    {
      "name": "CVE-2015-7048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7048"
    },
    {
      "name": "CVE-2015-7100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7100"
    },
    {
      "name": "CVE-2015-7053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7053"
    },
    {
      "name": "CVE-2015-7046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7046"
    },
    {
      "name": "CVE-2015-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7064"
    },
    {
      "name": "CVE-2015-7083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7083"
    },
    {
      "name": "CVE-2015-7095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7095"
    },
    {
      "name": "CVE-2015-7103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7103"
    },
    {
      "name": "CVE-2015-7084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7084"
    },
    {
      "name": "CVE-2015-7112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7112"
    },
    {
      "name": "CVE-2015-7099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7099"
    },
    {
      "name": "CVE-2015-7037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7037"
    },
    {
      "name": "CVE-2015-7093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7093"
    },
    {
      "name": "CVE-2015-7041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7041"
    },
    {
      "name": "CVE-2015-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7055"
    },
    {
      "name": "CVE-2015-7054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7054"
    },
    {
      "name": "CVE-2011-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
    },
    {
      "name": "CVE-2015-7111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7111"
    },
    {
      "name": "CVE-2015-7051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7051"
    },
    {
      "name": "CVE-2015-7047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7047"
    },
    {
      "name": "CVE-2015-7065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7065"
    },
    {
      "name": "CVE-2015-7080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7080"
    },
    {
      "name": "CVE-2015-7101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7101"
    },
    {
      "name": "CVE-2015-7040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7040"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-532",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205635 du 08 d\u00e9cembre 2015",
      "url": "https://support.apple.com/en-us/HT205635"
    }
  ]
}

CNVD-2015-08190

Vulnerability from cnvd - Published: 2015-12-15

Title

Apple iOS trust cache加载任意代码执行漏洞

Description

Apple iOS是一款苹果公司开发的用于手机等的操作系统。 Apple iOS trust cache加载存在安全漏洞，允许攻击者利用漏洞以系统权限执行任意代码。

Severity

高

Patch Name

Apple iOS trust cache加载任意代码执行漏洞的补丁

Patch Description

Apple iOS是一款苹果公司开发的用于手机等的操作系统。 Apple iOS trust cache加载存在安全漏洞，允许攻击者利用漏洞以系统权限执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://support.apple.com/en-us/HT205635

Reference

https://support.apple.com/en-us/HT205635

Impacted products

Name
['Apple IOS <9.2', 'Apple tvOS <9.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7051"
    }
  },
  "description": "Apple iOS\u662f\u4e00\u6b3e\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u7528\u4e8e\u624b\u673a\u7b49\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS trust cache\u52a0\u8f7d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "PanguTeam",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/en-us/HT205635",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-08190",
  "openTime": "2015-12-15",
  "patchDescription": "Apple iOS\u662f\u4e00\u6b3e\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u7528\u4e8e\u624b\u673a\u7b49\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS trust cache\u52a0\u8f7d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS trust cache\u52a0\u8f7d\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple IOS \u003c9.2",
      "Apple tvOS \u003c9.1"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/HT205635",
  "serverity": "\u9ad8",
  "submitTime": "2015-12-13",
  "title": "Apple iOS trust cache\u52a0\u8f7d\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2015-7051

Vulnerability from fkie_nvd - Published: 2015-12-11 11:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html	Vendor Advisory
product-security@apple.com	http://www.securitytracker.com/id/1034348
product-security@apple.com	https://support.apple.com/HT205635	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT205640	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034348
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205635	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205640	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	iphone_os	*
	apple	tvos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04EA4C73-EC97-4FC8-9AA5-D9B4A3EA869C",
              "versionEndIncluding": "9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68F69582-69E2-4173-B418-26F6E63DF502",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app."
    },
    {
      "lang": "es",
      "value": "MobileStorageMounter en Apple iOS en versiones anteriores a 9.2 y tvOS en versiones anteriores a 9.1 no maneja adecuadamente el tiempo de carga de la cach\u00e9 de confianza, lo que permite a atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado a trav\u00e9s de una aplicaci\u00f3n manipulada."
    }
  ],
  "id": "CVE-2015-7051",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-12-11T11:59:17.427",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1034348"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205635"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205640"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2015-7051

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7051

Aliases

CVE-2015-7051

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7051",
    "description": "MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app.",
    "id": "GSD-2015-7051"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7051"
      ],
      "details": "MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app.",
      "id": "GSD-2015-7051",
      "modified": "2023-12-13T01:20:01.570953Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-7051",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT205635",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205635"
          },
          {
            "name": "1034348",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034348"
          },
          {
            "name": "APPLE-SA-2015-12-08-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
          },
          {
            "name": "https://support.apple.com/HT205640",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205640"
          },
          {
            "name": "APPLE-SA-2015-12-08-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-7051"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-12-08-2",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
            },
            {
              "name": "APPLE-SA-2015-12-08-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
            },
            {
              "name": "https://support.apple.com/HT205635",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205635"
            },
            {
              "name": "https://support.apple.com/HT205640",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205640"
            },
            {
              "name": "1034348",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034348"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2015-12-11T11:59Z"
    }
  }
}

GHSA-5WV4-G62M-FP24

Vulnerability from github – Published: 2022-05-14 01:23 – Updated: 2022-05-14 01:23

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7051"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-12-11T11:59:00Z",
    "severity": "HIGH"
  },
  "details": "MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app.",
  "id": "GHSA-5wv4-g62m-fp24",
  "modified": "2022-05-14T01:23:40Z",
  "published": "2022-05-14T01:23:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7051"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205635"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205640"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034348"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7051 (GCVE-0-2015-7051)

VAR-201512-0150

CERTFR-2015-AVI-532

Solution

CERTFR-2015-AVI-532

Solution

CNVD-2015-08190

FKIE_CVE-2015-7051

GSD-2015-7051

GHSA-5WV4-G62M-FP24

Tags

Sightings

Nomenclature