cvelistv5 - cve-2015-1062

CVE-2015-1062 (GCVE-0-2015-1062)

Vulnerability from cvelistv5 – Published: 2015-03-12 10:00 – Updated: 2024-08-06 04:33

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://support.apple.com/HT204426	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securitytracker.com/id/1031864	vdb-entryx_refsource_SECTRACK
	https://support.apple.com/HT204423	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:33:20.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2015-03-09-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204426"
          },
          {
            "name": "APPLE-SA-2015-03-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
          },
          {
            "name": "1031864",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031864"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204423"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-16T16:57:00",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "APPLE-SA-2015-03-09-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204426"
        },
        {
          "name": "APPLE-SA-2015-03-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
        },
        {
          "name": "1031864",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031864"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204423"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1062",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-03-09-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
            },
            {
              "name": "https://support.apple.com/HT204426",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204426"
            },
            {
              "name": "APPLE-SA-2015-03-09-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
            },
            {
              "name": "1031864",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031864"
            },
            {
              "name": "https://support.apple.com/HT204423",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204423"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2015-1062",
    "datePublished": "2015-03-12T10:00:00",
    "dateReserved": "2015-01-16T00:00:00",
    "dateUpdated": "2024-08-06T04:33:20.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.0.3\", \"matchCriteriaId\": \"5715DF19-503E-4397-A127-3FA66AACE0BF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.1.3\", \"matchCriteriaId\": \"51E778E9-865E-410F-98FE-25E2D898BA71\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.\"}, {\"lang\": \"es\", \"value\": \"MobileStorageMounter en Apple iOS anterior a 8.2 y Apple TV anterior a 7.1 no elimina las carpetas de im\\u00e1genes de discos inv\\u00e1lidas, lo que permite a atacantes remotos crear carpetas en localizaciones del sistema de ficheros arbitrarias a trav\\u00e9s de una aplicaci\\u00f3n manipulada.\"}]",
      "id": "CVE-2015-1062",
      "lastModified": "2024-11-21T02:24:34.740",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-03-12T10:59:06.880",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1031864\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT204423\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT204426\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1031864\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT204423\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT204426\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-19\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-1062\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2015-03-12T10:59:06.880\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.\"},{\"lang\":\"es\",\"value\":\"MobileStorageMounter en Apple iOS anterior a 8.2 y Apple TV anterior a 7.1 no elimina las carpetas de im\u00e1genes de discos inv\u00e1lidas, lo que permite a atacantes remotos crear carpetas en localizaciones del sistema de ficheros arbitrarias a trav\u00e9s de una aplicaci\u00f3n manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-19\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0.3\",\"matchCriteriaId\":\"5715DF19-503E-4397-A127-3FA66AACE0BF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.1.3\",\"matchCriteriaId\":\"51E778E9-865E-410F-98FE-25E2D898BA71\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1031864\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT204423\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT204426\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1031864\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT204423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT204426\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2015-1062

Vulnerability from fkie_nvd - Published: 2015-03-12 10:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html	Vendor Advisory
product-security@apple.com	http://www.securitytracker.com/id/1031864
product-security@apple.com	https://support.apple.com/HT204423	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT204426	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031864
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204423	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204426	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	tvos	*
	apple	iphone_os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5715DF19-503E-4397-A127-3FA66AACE0BF",
              "versionEndIncluding": "7.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E778E9-865E-410F-98FE-25E2D898BA71",
              "versionEndIncluding": "8.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app."
    },
    {
      "lang": "es",
      "value": "MobileStorageMounter en Apple iOS anterior a 8.2 y Apple TV anterior a 7.1 no elimina las carpetas de im\u00e1genes de discos inv\u00e1lidas, lo que permite a atacantes remotos crear carpetas en localizaciones del sistema de ficheros arbitrarias a trav\u00e9s de una aplicaci\u00f3n manipulada."
    }
  ],
  "id": "CVE-2015-1062",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-03-12T10:59:06.880",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1031864"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204423"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204426"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-19"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2015-AVI-092

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks
Apple	N/A	Apple TV
Apple	N/A	OS X Moutain Lion
Apple	N/A	OS X Yosemite
Apple	N/A	iOS 8.2
Apple	N/A	Xcode 6.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT204426 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204427 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple 2015-002 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204423 du 09 mars 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple TV",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Moutain Lion",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS 8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-8108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8108"
    },
    {
      "name": "CVE-2015-1064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1064"
    },
    {
      "name": "CVE-2014-3580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3580"
    },
    {
      "name": "CVE-2015-1066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1066"
    },
    {
      "name": "CVE-2015-1062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1062"
    },
    {
      "name": "CVE-2015-1063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1063"
    },
    {
      "name": "CVE-2014-3522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3522"
    },
    {
      "name": "CVE-2014-3528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3528"
    },
    {
      "name": "CVE-2014-9390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9390"
    },
    {
      "name": "CVE-2015-1067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1067"
    },
    {
      "name": "CVE-2015-1065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1065"
    },
    {
      "name": "CVE-2014-4496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4496"
    },
    {
      "name": "CVE-2015-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1061"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-092",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-03-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204426 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204426"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204427 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204427"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2015-002 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204413"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204423 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204423"
    }
  ]
}

CERTFR-2015-AVI-092

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks
Apple	N/A	Apple TV
Apple	N/A	OS X Moutain Lion
Apple	N/A	OS X Yosemite
Apple	N/A	iOS 8.2
Apple	N/A	Xcode 6.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT204426 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204427 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple 2015-002 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204423 du 09 mars 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple TV",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Moutain Lion",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS 8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-8108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8108"
    },
    {
      "name": "CVE-2015-1064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1064"
    },
    {
      "name": "CVE-2014-3580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3580"
    },
    {
      "name": "CVE-2015-1066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1066"
    },
    {
      "name": "CVE-2015-1062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1062"
    },
    {
      "name": "CVE-2015-1063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1063"
    },
    {
      "name": "CVE-2014-3522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3522"
    },
    {
      "name": "CVE-2014-3528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3528"
    },
    {
      "name": "CVE-2014-9390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9390"
    },
    {
      "name": "CVE-2015-1067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1067"
    },
    {
      "name": "CVE-2015-1065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1065"
    },
    {
      "name": "CVE-2014-4496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4496"
    },
    {
      "name": "CVE-2015-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1061"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-092",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-03-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204426 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204426"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204427 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204427"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2015-002 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204413"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204423 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204423"
    }
  ]
}

GHSA-CPVF-4X77-J58P

Vulnerability from github – Published: 2022-05-14 01:25 – Updated: 2022-05-14 01:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1062"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-03-12T10:59:00Z",
    "severity": "MODERATE"
  },
  "details": "MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.",
  "id": "GHSA-cpvf-4x77-j58p",
  "modified": "2022-05-14T01:25:56Z",
  "published": "2022-05-14T01:25:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1062"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204423"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204426"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031864"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2015-1062

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-1062

Aliases

CVE-2015-1062

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1062",
    "description": "MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.",
    "id": "GSD-2015-1062"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1062"
      ],
      "details": "MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.",
      "id": "GSD-2015-1062",
      "modified": "2023-12-13T01:20:05.364692Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-1062",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2015-03-09-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
          },
          {
            "name": "https://support.apple.com/HT204426",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204426"
          },
          {
            "name": "APPLE-SA-2015-03-09-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
          },
          {
            "name": "1031864",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031864"
          },
          {
            "name": "https://support.apple.com/HT204423",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204423"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1062"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-19"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT204426",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204426"
            },
            {
              "name": "https://support.apple.com/HT204423",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204423"
            },
            {
              "name": "APPLE-SA-2015-03-09-2",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
            },
            {
              "name": "APPLE-SA-2015-03-09-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
            },
            {
              "name": "1031864",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031864"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2015-03-12T10:59Z"
    }
  }
}

CNVD-2015-01639

Vulnerability from cnvd - Published: 2015-03-13

Title

Apple iOS磁盘挂接逻辑漏洞

Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple iOS存在安全漏洞，允许应用程序利用磁盘挂接逻辑漏洞在可信位置创建文件夹。

Severity

中

Patch Name

Apple iOS磁盘挂接逻辑漏洞的补丁

Patch Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple iOS存在安全漏洞，允许应用程序利用磁盘挂接逻辑漏洞在可信位置创建文件夹。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Apple iOS 8.2已经修复该漏洞，建议用户下载更新： https://support.apple.com

Reference

https://support.apple.com/kb/HT204423

Impacted products

Name
Apple IOS <8.2

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "73003"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1062"
    }
  },
  "description": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\nApple iOS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u78c1\u76d8\u6302\u63a5\u903b\u8f91\u6f0f\u6d1e\u5728\u53ef\u4fe1\u4f4d\u7f6e\u521b\u5efa\u6587\u4ef6\u5939\u3002",
  "discovererName": "TaiG Jailbreak Team",
  "formalWay": "Apple iOS 8.2\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://support.apple.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01639",
  "openTime": "2015-03-13",
  "patchDescription": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\nApple iOS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u5e94\u7528\u7a0b\u5e8f\u5229\u7528\u78c1\u76d8\u6302\u63a5\u903b\u8f91\u6f0f\u6d1e\u5728\u53ef\u4fe1\u4f4d\u7f6e\u521b\u5efa\u6587\u4ef6\u5939\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS\u78c1\u76d8\u6302\u63a5\u903b\u8f91\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple IOS \u003c8.2"
  },
  "referenceLink": "https://support.apple.com/kb/HT204423",
  "serverity": "\u4e2d",
  "submitTime": "2015-03-12",
  "title": "Apple iOS\u78c1\u76d8\u6302\u63a5\u903b\u8f91\u6f0f\u6d1e"
}

VAR-201503-0075

Vulnerability from variot - Updated: 2023-12-18 10:51

MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Apple TV and iOS are prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2015-03-09-1 iOS 8.2

iOS 8.2 is now available and addresses the following:

CoreTelephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker can cause a device to unexpectedly restart Description: A null pointer dereference issue existed in CoreTelephony's handling of Class 0 SMS messages. This issue was addressed through improved message validation. CVE-ID CVE-2015-1063 : Roman Digerberg, Sweden

iCloud Keychain Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1065 : Andrey Belenko of NowSecure

IOSurface Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in IOSurface's handling of serialized objects. The issue was addressed through additional type checking. CVE-ID CVE-2015-1061 : Ian Beer of Google Project Zero

MobileStorageMounter Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to create folders in trusted locations in the file system Description: An issue existed in the developer disk mounting logic which resulted in invalid disk image folders not being deleted. This was addressed through improved error handling. CVE-ID CVE-2015-1062 : TaiG Jailbreak Team

Secure Transport Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris

Springboard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to see the home screen of the device even if the device is not activated Description: An unexpected application termination during activation could have caused the device to show the home screen. The issue was addressed through improved error handling during activation. CVE-ID CVE-2015-1064

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "8.2".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJU/fWsAAoJEBcWfLTuOo7t7VUQAIsLCBlvhkiqbJ4xdanG1RZI Ld7787ljx6ksnLMiFJNCECOIm3fk7TKMUfFn7HXYR/hg/w0GPb7dXUNkNh9IhdjF H8dur2Eb3iR3EPDhnGvPcgic059SKKgVUgyzMfr8td3onswWq90aG+8eAgq3ri9B qAL8wUSoXDz0VPUJ2H7VcktfcdXqFmS5lPGa8PpEAzNAhN+utsw61yoJgILHh9g6 5axRobZFpd7CKy+ADPUtlMUYQQliRX+BNX+ZZgh1bsEmXJMmeHxKjEN6Iq18ObD7 ucFihWs6WFroDHuHMvuR/yJARqInChMzd/EMkjSfHH2ldSbTyGmsTp/4D1aofQMp V6D8JjsHvdb/jWq5qCmFEBXf1VpXXqvNI1rq3D7qHOIJJPQH5afzI9ujymOrsspH Li0lD2TrwnLJznoRgAGVYSo0dhouUmhRYkd4zJkQMoR/Rn/aL3xWGT5XhFEkfdFD rvFv0LgaiC/5jbLZczUVk1yYQTkJ4mM8h02GnHd1CLvSdf1naEvTw3goBJguI233 5R89HVZA0Z2P6Vyk1bn5V0SWYasVATmjfr89lkhESVVfszakEvxTxmg4fZ65Gwtq MWSMUBzFZT09abSUEH27BYVGYoe1HCk8sAKlOhMvd1s2O54kZbHeuIMvfrYT5C0d 3T50q8/I5HSn+5c9eHvz =l+X4 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0075",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tvos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "tv",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1   (apple tv first  3 after generation )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (ipod touch first  5 after generation )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.2.1"
      },
      {
        "model": "tv",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001784"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-289"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1062"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TaiG Jailbreak Team.",
    "sources": [
      {
        "db": "BID",
        "id": "73003"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1062",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1062",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-79022",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1062",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-289",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79022",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001784"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-289"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Apple TV and iOS are prone to a local security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-03-09-1 iOS 8.2\n\niOS 8.2 is now available and addresses the following:\n\nCoreTelephony\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A remote attacker can cause a device to unexpectedly restart\nDescription:  A null pointer dereference issue existed in\nCoreTelephony\u0027s handling of Class 0 SMS messages. This issue was\naddressed through improved message validation. \nCVE-ID\nCVE-2015-1063 : Roman Digerberg, Sweden\n\niCloud Keychain\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription:  Multiple buffer overflows existed in the handling of\ndata during iCloud Keychain recovery. These issues were addressed\nthrough improved bounds checking. \nCVE-ID\nCVE-2015-1065 : Andrey Belenko of NowSecure\n\nIOSurface\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A type confusion issue existed in IOSurface\u0027s handling\nof serialized objects. The issue was addressed through additional\ntype checking. \nCVE-ID\nCVE-2015-1061 : Ian Beer of Google Project Zero\n\nMobileStorageMounter\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to create folders in\ntrusted locations in the file system\nDescription:  An issue existed in the developer disk mounting logic\nwhich resulted in invalid disk image folders not being deleted. This\nwas addressed through improved error handling. \nCVE-ID\nCVE-2015-1062 : TaiG Jailbreak Team\n\nSecure Transport\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  Secure Transport accepted short ephemeral RSA keys,\nusually used only in export-strength RSA cipher suites, on\nconnections using full-strength RSA cipher suites. This issue, also\nknown as FREAK, only affected connections to servers which support\nexport-strength RSA cipher suites, and was addressed by removing\nsupport for ephemeral RSA keys. \nCVE-ID\nCVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nProsecco at Inria Paris\n\nSpringboard\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to the device may be able to\nsee the home screen of the device even if the device is not activated\nDescription:  An unexpected application termination during activation\ncould have caused the device to show the home screen. The issue was\naddressed through improved error handling during activation. \nCVE-ID\nCVE-2015-1064\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"8.2\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJU/fWsAAoJEBcWfLTuOo7t7VUQAIsLCBlvhkiqbJ4xdanG1RZI\nLd7787ljx6ksnLMiFJNCECOIm3fk7TKMUfFn7HXYR/hg/w0GPb7dXUNkNh9IhdjF\nH8dur2Eb3iR3EPDhnGvPcgic059SKKgVUgyzMfr8td3onswWq90aG+8eAgq3ri9B\nqAL8wUSoXDz0VPUJ2H7VcktfcdXqFmS5lPGa8PpEAzNAhN+utsw61yoJgILHh9g6\n5axRobZFpd7CKy+ADPUtlMUYQQliRX+BNX+ZZgh1bsEmXJMmeHxKjEN6Iq18ObD7\nucFihWs6WFroDHuHMvuR/yJARqInChMzd/EMkjSfHH2ldSbTyGmsTp/4D1aofQMp\nV6D8JjsHvdb/jWq5qCmFEBXf1VpXXqvNI1rq3D7qHOIJJPQH5afzI9ujymOrsspH\nLi0lD2TrwnLJznoRgAGVYSo0dhouUmhRYkd4zJkQMoR/Rn/aL3xWGT5XhFEkfdFD\nrvFv0LgaiC/5jbLZczUVk1yYQTkJ4mM8h02GnHd1CLvSdf1naEvTw3goBJguI233\n5R89HVZA0Z2P6Vyk1bn5V0SWYasVATmjfr89lkhESVVfszakEvxTxmg4fZ65Gwtq\nMWSMUBzFZT09abSUEH27BYVGYoe1HCk8sAKlOhMvd1s2O54kZbHeuIMvfrYT5C0d\n3T50q8/I5HSn+5c9eHvz\n=l+X4\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1062"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001784"
      },
      {
        "db": "BID",
        "id": "73003"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79022"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1062",
        "trust": 3.0
      },
      {
        "db": "SECTRACK",
        "id": "1031864",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU90171154",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001784",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-289",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "73003",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-79022",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130742",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130741",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79022"
      },
      {
        "db": "BID",
        "id": "73003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001784"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-289"
      }
    ]
  },
  "id": "VAR-201503-0075",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79022"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:51:53.073000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-03-09-1 iOS 8.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00000.html"
      },
      {
        "title": "APPLE-SA-2015-03-09-2 AppleTV 7.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00001.html"
      },
      {
        "title": "HT204423",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204423"
      },
      {
        "title": "HT204426",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204426"
      },
      {
        "title": "HT204423",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204423"
      },
      {
        "title": "HT204426",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204426"
      },
      {
        "title": "iPhone7,1_8.2_12D508_Restore",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54079"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001784"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-289"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001784"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1062"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204423"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204426"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1031864"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1062"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90171154/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1062"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/in/appletv/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht204426"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht204423"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1062"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1067"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1061"
      },
      {
        "trust": 0.2,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1065"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1064"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1063"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79022"
      },
      {
        "db": "BID",
        "id": "73003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001784"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-289"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-79022"
      },
      {
        "db": "BID",
        "id": "73003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001784"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-289"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79022"
      },
      {
        "date": "2015-03-10T00:00:00",
        "db": "BID",
        "id": "73003"
      },
      {
        "date": "2015-03-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001784"
      },
      {
        "date": "2015-03-10T16:17:57",
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "date": "2015-03-10T16:14:34",
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "date": "2015-03-12T10:59:06.880000",
        "db": "NVD",
        "id": "CVE-2015-1062"
      },
      {
        "date": "2015-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-289"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79022"
      },
      {
        "date": "2015-03-10T00:00:00",
        "db": "BID",
        "id": "73003"
      },
      {
        "date": "2015-03-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001784"
      },
      {
        "date": "2019-03-08T16:06:31.997000",
        "db": "NVD",
        "id": "CVE-2015-1062"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-289"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-289"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS and  Apple TV of  MobileStorageMounter Vulnerable to creating folders in arbitrary file system locations",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001784"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "73003"
      }
    ],
    "trust": 0.3
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-1062 (GCVE-0-2015-1062)

FKIE_CVE-2015-1062

CERTFR-2015-AVI-092

Solution

CERTFR-2015-AVI-092

Solution

GHSA-CPVF-4X77-J58P

GSD-2015-1062

CNVD-2015-01639

VAR-201503-0075

Tags

Sightings

Nomenclature