cvelistv5 - CVE-2015-1061

CVE-2015-1061 (GCVE-0-2015-1061)

Vulnerability from cvelistv5

Published

2015-03-12 10:00

Modified

2024-08-06 04:33

Severity ?

CWE

Summary

References

URL

Tags

product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/73004
product-security@apple.com	http://www.securitytracker.com/id/1031864
product-security@apple.com	https://support.apple.com/HT204413	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT204423	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT204426	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT204563
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73004
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031864
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204413	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204423	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204426	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT204563

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:33:20.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2015-03-09-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
          },
          {
            "name": "APPLE-SA-2015-03-09-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204426"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204413"
          },
          {
            "name": "APPLE-SA-2015-03-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
          },
          {
            "name": "1031864",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031864"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT204563"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204423"
          },
          {
            "name": "73004",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "APPLE-SA-2015-03-09-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
        },
        {
          "name": "APPLE-SA-2015-03-09-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204426"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204413"
        },
        {
          "name": "APPLE-SA-2015-03-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
        },
        {
          "name": "1031864",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031864"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT204563"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204423"
        },
        {
          "name": "73004",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73004"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1061",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-03-09-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
            },
            {
              "name": "APPLE-SA-2015-03-09-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
            },
            {
              "name": "https://support.apple.com/HT204426",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204426"
            },
            {
              "name": "https://support.apple.com/HT204413",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204413"
            },
            {
              "name": "APPLE-SA-2015-03-09-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
            },
            {
              "name": "1031864",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031864"
            },
            {
              "name": "https://support.apple.com/kb/HT204563",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT204563"
            },
            {
              "name": "https://support.apple.com/HT204423",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204423"
            },
            {
              "name": "73004",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73004"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2015-1061",
    "datePublished": "2015-03-12T10:00:00",
    "dateReserved": "2015-01-16T00:00:00",
    "dateUpdated": "2024-08-06T04:33:20.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-1061\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2015-03-12T10:59:05.567\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \\\"type confusion\\\" during serialized-object handling.\"},{\"lang\":\"es\",\"value\":\"IOSurface en Apple iOS anterior a 8.2, Apple OS X hasta 10.10.2, y Apple TV anterior a 7.1 permite a atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado a trav\u00e9s de una aplicaci\u00f3n manipulada que aprovecha la \u0027confusi\u00f3n de tipos\u0027 durante el manejo de objetos serializados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0.3\",\"matchCriteriaId\":\"5715DF19-503E-4397-A127-3FA66AACE0BF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.1.3\",\"matchCriteriaId\":\"51E778E9-865E-410F-98FE-25E2D898BA71\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.10.2\",\"matchCriteriaId\":\"045D7827-3EB8-43A1-AC80-9C94C395D364\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/73004\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securitytracker.com/id/1031864\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT204413\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT204423\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT204426\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT204563\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/73004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031864\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT204413\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT204423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT204426\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT204563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-vm87-xq8q-f9xp

Vulnerability from github

Published

2022-05-14 01:25

Modified

2022-05-14 01:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1061"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-03-12T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling.",
  "id": "GHSA-vm87-xq8q-f9xp",
  "modified": "2022-05-14T01:25:56Z",
  "published": "2022-05-14T01:25:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1061"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204413"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204423"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204426"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT204563"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/73004"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031864"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks
Apple	N/A	Apple TV
Apple	N/A	OS X Moutain Lion
Apple	N/A	OS X Yosemite
Apple	N/A	iOS 8.2
Apple	N/A	Xcode 6.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT204426 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204427 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple 2015-002 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204423 du 09 mars 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple TV",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Moutain Lion",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS 8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-8108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8108"
    },
    {
      "name": "CVE-2015-1064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1064"
    },
    {
      "name": "CVE-2014-3580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3580"
    },
    {
      "name": "CVE-2015-1066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1066"
    },
    {
      "name": "CVE-2015-1062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1062"
    },
    {
      "name": "CVE-2015-1063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1063"
    },
    {
      "name": "CVE-2014-3522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3522"
    },
    {
      "name": "CVE-2014-3528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3528"
    },
    {
      "name": "CVE-2014-9390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9390"
    },
    {
      "name": "CVE-2015-1067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1067"
    },
    {
      "name": "CVE-2015-1065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1065"
    },
    {
      "name": "CVE-2014-4496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4496"
    },
    {
      "name": "CVE-2015-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1061"
    }
  ],
  "initial_release_date": "2015-03-10T00:00:00",
  "last_revision_date": "2015-03-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-092",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-03-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204426 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204426"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204427 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204427"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2015-002 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204413"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204423 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204423"
    }
  ]
}

CERTFR-2015-AVI-118

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Mac OS X Yosemite. Elles permettent à un attaquant de provoquer une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

OS X Yosemite

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2015-003 du 19 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple 2015-003 du 20 mars 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eOS X Yosemite\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1065"
    },
    {
      "name": "CVE-2015-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1061"
    }
  ],
  "initial_release_date": "2015-03-20T00:00:00",
  "last_revision_date": "2015-03-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2015-003 du 20 mars 2015",
      "url": "https://support.apple.com/en-us/HT204563"
    }
  ],
  "reference": "CERTFR-2015-AVI-118",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-03-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMac OS X Yosemite\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X Yosemite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2015-003 du 19 mars 2015",
      "url": null
    }
  ]
}

var-201503-0074

Vulnerability from variot

IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling. Apple iOS, Mac Os X, and TV are prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions. in the United States. A security vulnerability exists in IOSurface in several Apple products. CVE-ID CVE-2015-1061 : Ian Beer of Google Project Zero

Note: Security Update 2015-003 includes the content of Security Update 2015-002. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2015-03-09-1 iOS 8.2

iOS 8.2 is now available and addresses the following:

CoreTelephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker can cause a device to unexpectedly restart Description: A null pointer dereference issue existed in CoreTelephony's handling of Class 0 SMS messages. This issue was addressed through improved message validation. CVE-ID CVE-2015-1063 : Roman Digerberg, Sweden

iCloud Keychain Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1065 : Andrey Belenko of NowSecure

IOSurface Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in IOSurface's handling of serialized objects. The issue was addressed through additional type checking. CVE-ID CVE-2015-1061 : Ian Beer of Google Project Zero

MobileStorageMounter Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to create folders in trusted locations in the file system Description: An issue existed in the developer disk mounting logic which resulted in invalid disk image folders not being deleted. This was addressed through improved error handling. CVE-ID CVE-2015-1062 : TaiG Jailbreak Team

Secure Transport Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris

Springboard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to see the home screen of the device even if the device is not activated Description: An unexpected application termination during activation could have caused the device to show the home screen. The issue was addressed through improved error handling during activation. CVE-ID CVE-2015-1064

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "8.2".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJU/fWsAAoJEBcWfLTuOo7t7VUQAIsLCBlvhkiqbJ4xdanG1RZI Ld7787ljx6ksnLMiFJNCECOIm3fk7TKMUfFn7HXYR/hg/w0GPb7dXUNkNh9IhdjF H8dur2Eb3iR3EPDhnGvPcgic059SKKgVUgyzMfr8td3onswWq90aG+8eAgq3ri9B qAL8wUSoXDz0VPUJ2H7VcktfcdXqFmS5lPGa8PpEAzNAhN+utsw61yoJgILHh9g6 5axRobZFpd7CKy+ADPUtlMUYQQliRX+BNX+ZZgh1bsEmXJMmeHxKjEN6Iq18ObD7 ucFihWs6WFroDHuHMvuR/yJARqInChMzd/EMkjSfHH2ldSbTyGmsTp/4D1aofQMp V6D8JjsHvdb/jWq5qCmFEBXf1VpXXqvNI1rq3D7qHOIJJPQH5afzI9ujymOrsspH Li0lD2TrwnLJznoRgAGVYSo0dhouUmhRYkd4zJkQMoR/Rn/aL3xWGT5XhFEkfdFD rvFv0LgaiC/5jbLZczUVk1yYQTkJ4mM8h02GnHd1CLvSdf1naEvTw3goBJguI233 5R89HVZA0Z2P6Vyk1bn5V0SWYasVATmjfr89lkhESVVfszakEvxTxmg4fZ65Gwtq MWSMUBzFZT09abSUEH27BYVGYoe1HCk8sAKlOhMvd1s2O54kZbHeuIMvfrYT5C0d 3T50q8/I5HSn+5c9eHvz =l+X4 -----END PGP SIGNATURE----- . CVE-ID CVE-2015-1061 : Ian Beer of Google Project Zero

Kernel Available for: OS X Yosemite v10.10.2 Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection. This was addressed by disabling the mach_port_kobject interface in production configurations

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0074",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "tvos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "tv",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1   (apple tv first  3 after generation )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (ipod touch first  5 after generation )"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.2.1"
      },
      {
        "model": "tv",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73004"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-288"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1061"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:apple_tv",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "130938"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "PACKETSTORM",
        "id": "130743"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-1061",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-1061",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-79021",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-1061",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-1061",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-288",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79021",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-288"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1061"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling. Apple iOS, Mac Os X, and TV are prone to a remote code-execution vulnerability. \nAn attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions. in the United States. A security vulnerability exists in IOSurface in several Apple products. \nCVE-ID\nCVE-2015-1061 : Ian Beer of Google Project Zero\n\nNote: Security Update 2015-003 includes the content of\nSecurity Update 2015-002. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-03-09-1 iOS 8.2\n\niOS 8.2 is now available and addresses the following:\n\nCoreTelephony\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A remote attacker can cause a device to unexpectedly restart\nDescription:  A null pointer dereference issue existed in\nCoreTelephony\u0027s handling of Class 0 SMS messages. This issue was\naddressed through improved message validation. \nCVE-ID\nCVE-2015-1063 : Roman Digerberg, Sweden\n\niCloud Keychain\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription:  Multiple buffer overflows existed in the handling of\ndata during iCloud Keychain recovery. These issues were addressed\nthrough improved bounds checking. \nCVE-ID\nCVE-2015-1065 : Andrey Belenko of NowSecure\n\nIOSurface\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A type confusion issue existed in IOSurface\u0027s handling\nof serialized objects. The issue was addressed through additional\ntype checking. \nCVE-ID\nCVE-2015-1061 : Ian Beer of Google Project Zero\n\nMobileStorageMounter\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to create folders in\ntrusted locations in the file system\nDescription:  An issue existed in the developer disk mounting logic\nwhich resulted in invalid disk image folders not being deleted. This\nwas addressed through improved error handling. \nCVE-ID\nCVE-2015-1062 : TaiG Jailbreak Team\n\nSecure Transport\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  Secure Transport accepted short ephemeral RSA keys,\nusually used only in export-strength RSA cipher suites, on\nconnections using full-strength RSA cipher suites. This issue, also\nknown as FREAK, only affected connections to servers which support\nexport-strength RSA cipher suites, and was addressed by removing\nsupport for ephemeral RSA keys. \nCVE-ID\nCVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nProsecco at Inria Paris\n\nSpringboard\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to the device may be able to\nsee the home screen of the device even if the device is not activated\nDescription:  An unexpected application termination during activation\ncould have caused the device to show the home screen. The issue was\naddressed through improved error handling during activation. \nCVE-ID\nCVE-2015-1064\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"8.2\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJU/fWsAAoJEBcWfLTuOo7t7VUQAIsLCBlvhkiqbJ4xdanG1RZI\nLd7787ljx6ksnLMiFJNCECOIm3fk7TKMUfFn7HXYR/hg/w0GPb7dXUNkNh9IhdjF\nH8dur2Eb3iR3EPDhnGvPcgic059SKKgVUgyzMfr8td3onswWq90aG+8eAgq3ri9B\nqAL8wUSoXDz0VPUJ2H7VcktfcdXqFmS5lPGa8PpEAzNAhN+utsw61yoJgILHh9g6\n5axRobZFpd7CKy+ADPUtlMUYQQliRX+BNX+ZZgh1bsEmXJMmeHxKjEN6Iq18ObD7\nucFihWs6WFroDHuHMvuR/yJARqInChMzd/EMkjSfHH2ldSbTyGmsTp/4D1aofQMp\nV6D8JjsHvdb/jWq5qCmFEBXf1VpXXqvNI1rq3D7qHOIJJPQH5afzI9ujymOrsspH\nLi0lD2TrwnLJznoRgAGVYSo0dhouUmhRYkd4zJkQMoR/Rn/aL3xWGT5XhFEkfdFD\nrvFv0LgaiC/5jbLZczUVk1yYQTkJ4mM8h02GnHd1CLvSdf1naEvTw3goBJguI233\n5R89HVZA0Z2P6Vyk1bn5V0SWYasVATmjfr89lkhESVVfszakEvxTxmg4fZ65Gwtq\nMWSMUBzFZT09abSUEH27BYVGYoe1HCk8sAKlOhMvd1s2O54kZbHeuIMvfrYT5C0d\n3T50q8/I5HSn+5c9eHvz\n=l+X4\n-----END PGP SIGNATURE-----\n. \nCVE-ID\nCVE-2015-1061 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X Yosemite v10.10.2\nImpact:  Maliciously crafted or compromised applications may be able\nto determine addresses in the kernel\nDescription:  The mach_port_kobject kernel interface leaked kernel\naddresses and heap permutation value, which may aid in bypassing\naddress space layout randomization protection. This was addressed by\ndisabling the mach_port_kobject interface in production\nconfigurations",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1061"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      },
      {
        "db": "BID",
        "id": "73004"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79021"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "130938"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "PACKETSTORM",
        "id": "130743"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1061",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "73004",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1031864",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU93102213",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU90171154",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001785",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-288",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "130742",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "130938",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "130741",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-79021",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130743",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79021"
      },
      {
        "db": "BID",
        "id": "73004"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "130938"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "PACKETSTORM",
        "id": "130743"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-288"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1061"
      }
    ]
  },
  "id": "VAR-201503-0074",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79021"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:59:02.397000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-03-09-1 iOS 8.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
      },
      {
        "title": "APPLE-SA-2015-03-09-2 AppleTV 7.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
      },
      {
        "title": "APPLE-SA-2015-03-09-3 Security Update 2015-002",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
      },
      {
        "title": "APPLE-SA-2015-03-19-1 Security Update 2015-003",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00005.html"
      },
      {
        "title": "HT204423",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/HT204423"
      },
      {
        "title": "HT204413",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/HT204413"
      },
      {
        "title": "HT204563",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT204563"
      },
      {
        "title": "HT204426",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/HT204426"
      },
      {
        "title": "HT204563",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204563"
      },
      {
        "title": "HT204423",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204423"
      },
      {
        "title": "HT204413",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204413"
      },
      {
        "title": "HT204426",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204426"
      },
      {
        "title": "iPhone7,1_8.2_12D508_Restore",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54079"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-288"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79021"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1061"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/73004"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204413"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204423"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204426"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht204563"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1031864"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1061"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90171154/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93102213/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1061"
      },
      {
        "trust": 0.4,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.4,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1061"
      },
      {
        "trust": 0.4,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/appletv/features.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1067"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1065"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1062"
      },
      {
        "trust": 0.2,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204413"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1064"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1063"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1066"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4496"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79021"
      },
      {
        "db": "BID",
        "id": "73004"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "130938"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "PACKETSTORM",
        "id": "130743"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-288"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1061"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-79021"
      },
      {
        "db": "BID",
        "id": "73004"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "130938"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "PACKETSTORM",
        "id": "130743"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-288"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1061"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79021"
      },
      {
        "date": "2015-03-09T00:00:00",
        "db": "BID",
        "id": "73004"
      },
      {
        "date": "2015-03-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      },
      {
        "date": "2015-03-10T16:17:57",
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "date": "2015-03-21T17:32:22",
        "db": "PACKETSTORM",
        "id": "130938"
      },
      {
        "date": "2015-03-10T16:14:34",
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "date": "2015-03-10T16:20:32",
        "db": "PACKETSTORM",
        "id": "130743"
      },
      {
        "date": "2015-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-288"
      },
      {
        "date": "2015-03-12T10:59:05.567000",
        "db": "NVD",
        "id": "CVE-2015-1061"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79021"
      },
      {
        "date": "2015-04-13T21:03:00",
        "db": "BID",
        "id": "73004"
      },
      {
        "date": "2015-03-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-288"
      },
      {
        "date": "2024-11-21T02:24:34.540000",
        "db": "NVD",
        "id": "CVE-2015-1061"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-288"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product  IOSurface Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001785"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-288"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2015-01640

Vulnerability from cnvd

Title

Apple iOS IOSurface类型混淆漏洞

Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple iOS处理序列化对象时IOSurface存在类型混淆漏洞，允许攻击者利用漏洞以系统权限执行任意代码。

Severity

高

Patch Name

Apple iOS IOSurface类型混淆漏洞的补丁

Patch Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple iOS处理序列化对象时IOSurface存在类型混淆漏洞，允许攻击者利用漏洞以系统权限执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Apple iOS 8.2已经修复该漏洞，建议用户下载更新： https://support.apple.com

Reference

https://support.apple.com/kb/HT204423

Impacted products

Name
Apple IOS <8.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1061"
    }
  },
  "description": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\nApple iOS\u5904\u7406\u5e8f\u5217\u5316\u5bf9\u8c61\u65f6IOSurface\u5b58\u5728\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Ian Beer of Google Project Zero",
  "formalWay": "Apple iOS 8.2\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://support.apple.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01640",
  "openTime": "2015-03-13",
  "patchDescription": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\nApple iOS\u5904\u7406\u5e8f\u5217\u5316\u5bf9\u8c61\u65f6IOSurface\u5b58\u5728\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS IOSurface\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple IOS \u003c8.2"
  },
  "referenceLink": "https://support.apple.com/kb/HT204423",
  "serverity": "\u9ad8",
  "submitTime": "2015-03-12",
  "title": "Apple iOS IOSurface\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e"
}

gsd-2015-1061

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-1061

Aliases

CVE-2015-1061

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1061",
    "description": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling.",
    "id": "GSD-2015-1061"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1061"
      ],
      "details": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling.",
      "id": "GSD-2015-1061",
      "modified": "2023-12-13T01:20:05.410198Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-1061",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2015-03-09-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
          },
          {
            "name": "APPLE-SA-2015-03-09-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
          },
          {
            "name": "https://support.apple.com/HT204426",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204426"
          },
          {
            "name": "https://support.apple.com/HT204413",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204413"
          },
          {
            "name": "APPLE-SA-2015-03-09-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
          },
          {
            "name": "1031864",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031864"
          },
          {
            "name": "https://support.apple.com/kb/HT204563",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT204563"
          },
          {
            "name": "https://support.apple.com/HT204423",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204423"
          },
          {
            "name": "73004",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/73004"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1061"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT204426",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204426"
            },
            {
              "name": "https://support.apple.com/HT204423",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204423"
            },
            {
              "name": "APPLE-SA-2015-03-09-3",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
            },
            {
              "name": "APPLE-SA-2015-03-09-2",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
            },
            {
              "name": "https://support.apple.com/HT204413",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204413"
            },
            {
              "name": "APPLE-SA-2015-03-09-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
            },
            {
              "name": "1031864",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031864"
            },
            {
              "name": "73004",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/73004"
            },
            {
              "name": "https://support.apple.com/kb/HT204563",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/kb/HT204563"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2015-03-12T10:59Z"
    }
  }
}

fkie_cve-2015-1061

Vulnerability from fkie_nvd

Published

2015-03-12 10:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/73004
product-security@apple.com	http://www.securitytracker.com/id/1031864
product-security@apple.com	https://support.apple.com/HT204413	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT204423	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT204426	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT204563
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73004
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031864
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204413	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204423	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204426	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT204563

Impacted products

Vendor	Product	Version
apple	tvos	*
apple	iphone_os	*
apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5715DF19-503E-4397-A127-3FA66AACE0BF",
              "versionEndIncluding": "7.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E778E9-865E-410F-98FE-25E2D898BA71",
              "versionEndIncluding": "8.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "045D7827-3EB8-43A1-AC80-9C94C395D364",
              "versionEndIncluding": "10.10.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling."
    },
    {
      "lang": "es",
      "value": "IOSurface en Apple iOS anterior a 8.2, Apple OS X hasta 10.10.2, y Apple TV anterior a 7.1 permite a atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado a trav\u00e9s de una aplicaci\u00f3n manipulada que aprovecha la \u0027confusi\u00f3n de tipos\u0027 durante el manejo de objetos serializados."
    }
  ],
  "id": "CVE-2015-1061",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-03-12T10:59:05.567",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/73004"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1031864"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204413"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204423"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204426"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/kb/HT204563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT204563"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-1061 (GCVE-0-2015-1061)

Vulnerability from cvelistv5

ghsa-vm87-xq8q-f9xp

Vulnerability from github

CERTFR-2015-AVI-092

Vulnerability from certfr_avis

Solution

CERTFR-2015-AVI-118

Vulnerability from certfr_avis

Solution

var-201503-0074

Vulnerability from variot

cnvd-2015-01640

Vulnerability from cnvd

gsd-2015-1061

Vulnerability from gsd

fkie_cve-2015-1061

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature