cvelistv5 - cve-2015-1097

CVE-2015-1097 (GCVE-0-2015-1097)

Vulnerability from cvelistv5

Published

2015-04-10 14:00

Modified

2024-08-06 04:33

Severity ?

CWE

Summary

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201504-0113

Vulnerability from variot

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. Apple iOS and TV are prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to obtain sensitive information that may lead to further attacks. These issues are fixed in: Apple iOS 8.3 Apple TV 7.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2015-04-08-4 Apple TV 7.2

Apple TV 7.2 is now available and addresses the following:

Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in IOKit objects used by an audio driver. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-1086

Apple TV Available for: Apple TV 3rd generation and later Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. This issue was addressed by removing unneeded code. CVE-ID CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team

Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security Research Team

Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.

Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd

Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative

Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab

Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on iOS. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs

Apple TV Available for: Apple TV 3rd generation and later Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team

Apple TV Available for: Apple TV 3rd generation and later Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io

Apple TV Available for: Apple TV 3rd generation and later Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.

Apple TV Available for: Apple TV 3rd generation and later Impact: Unnecessary information may be sent to external servers when downloading podcast assets Description: When downloading assets for podcast a user was subscribed to, unique identifiers were sent to external servers. This issue was resolved by removing these identifiers. CVE-ID CVE-2015-1110 : Alex Selivanov

Apple TV Available for: Apple TV 3rd generation and later Impact: Hardware identifiers may be accessible by third-party apps Description: An information disclosure issue existed in the third- party app sandbox. This issue was addressed by improving the sandbox profile. CVE-ID CVE-2015-1114

Apple TV Available for: Apple TV 3rd generation and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1068 : Apple CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative CVE-2015-1070 : Apple CVE-2015-1071 : Apple CVE-2015-1072 CVE-2015-1073 : Apple CVE-2015-1074 : Apple CVE-2015-1076 CVE-2015-1077 : Apple CVE-2015-1078 : Apple CVE-2015-1079 : Apple CVE-2015-1080 : Apple CVE-2015-1081 : Apple CVE-2015-1082 : Apple CVE-2015-1083 : Apple CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2015-1120 : Apple CVE-2015-1121 : Apple CVE-2015-1122 : Apple CVE-2015-1123 : Randy Luecke and Anoop Menon of Google Inc. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software".

To check the current version of software, select "Settings -> General -> About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVJHMgAAoJEBcWfLTuOo7tjVUP/3e7Bo8L4f4+EFs7jkhKVzP5 6LxAuhAtXu+476K1iDKOwa0gyLu8ftp95Af0rgUHjqmNGgsrAYZPgG8Q3HzS/RpK 1JyShFHNIF87sqVGYfVpRthO10yRAQxNmJ/6zGTRU/Djwb/FBZyrMcbG0SMZ47KX CerNerPwiI7dzKWWNHgvmj9ydJU9bSyI5bgweQ565BLKs0Lar8aqj6A/iV1Ekltn A33LSrgMTgK+pjUl1CwQLZ05x9YPpCGXsA55u3MApfL2ZdoOk0VBpi/e56JrSq1J BioCyTJn+DwDY+FjGg5vCjeGJGq4zQ/2SsLQwKLiK6Fje68LutNtrqPtNApWabh3 j876IiLpih2ZMV4KgqvCrkkMI2fkXlVOMLKUhI+UHJ4aWJTNprRwLbaJ7boQ9TCy MJ9B39iPJtyZWtorXBUc0RC2N1HLj5ONZut6FtRkIoiMTaGe6ejbvM39BWC+1sgW PsAYkvrEKzTcSdC6yY1RI2bufBD9SgtMD8f6y/q912uHf55poPSR9SV1iV5Tzftz UPvxGTLlmcXzU52nlSZNYEp4U9Nh02ltUYhs6MptoVvHf4MZW9TaIj9YpBNdVMvb vjB3UoPyAAb4GUqqVK6l5c6wlCyoCRg6Z86a99bW7PKBUP5C0LEzqwbZIMCkrX3i iPMObURhCq+xIYRUTKXE =ktgN -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0113",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "tvos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "tv",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.2   (apple tv first  3 after generation )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.3   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.3   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.3   (ipod touch first  5 after generation )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-123"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1097"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:apple_tv",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Alex Selivanov, Barak Gabai of the IBM X-Force Application Security Research Team, Cererdlong of Alibaba Mobile Security Team,  Ikuya Fukumoto and Apple",
    "sources": [
      {
        "db": "BID",
        "id": "73983"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1097",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2015-1097",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-79057",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-1097",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-1097",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201504-123",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79057",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-123"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1097"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. Apple iOS and TV are prone to multiple information-disclosure vulnerabilities. \nAn attacker can exploit these issues to obtain sensitive information that may lead to further attacks. \nThese issues are fixed in:\nApple iOS 8.3\nApple TV 7.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2015-04-08-4 Apple TV 7.2\n\nApple TV 7.2 is now available and addresses the following:\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A validation issue existed in IOKit objects used by an\naudio driver. This issue was addressed through improved validation of\nmetadata. \nCVE-ID\nCVE-2015-1086\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  An application using NSXMLParser may be misused to disclose\ninformation\nDescription:  An XML External Entity issue existed in NSXMLParser\u0027s\nhandling of XML. This issue was addressed by not loading external\nentities across origins. This issue was addressed by\nremoving unneeded code. \nCVE-ID\nCVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  A malicious HID device may be able to cause arbitrary code\nexecution\nDescription:  A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. This issue was addressed through\nimproved bounds checking. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security\nResearch Team\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  A malicious application may be able to cause a system denial\nof service\nDescription:  A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  A malicious application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription:  setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  An attacker with a privileged network position may be able\nto cause a denial of service\nDescription:  A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription:  ICMP redirects were enabled by default on iOS. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  A remote attacker may be able to bypass network filters\nDescription:  The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription:  A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  Unnecessary information may be sent to external servers when\ndownloading podcast assets\nDescription:  When downloading assets for podcast a user was\nsubscribed to, unique identifiers were sent to external servers. This\nissue was resolved by removing these identifiers. \nCVE-ID\nCVE-2015-1110 : Alex Selivanov\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  Hardware identifiers may be accessible by third-party apps\nDescription:  An information disclosure issue existed in the third-\nparty app sandbox. This issue was addressed by improving the sandbox\nprofile. \nCVE-ID\nCVE-2015-1114\n\nApple TV\nAvailable for:  Apple TV 3rd generation and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-1068 : Apple\nCVE-2015-1069 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\nCVE-2015-1070 : Apple\nCVE-2015-1071 : Apple\nCVE-2015-1072\nCVE-2015-1073 : Apple\nCVE-2015-1074 : Apple\nCVE-2015-1076\nCVE-2015-1077 : Apple\nCVE-2015-1078 : Apple\nCVE-2015-1079 : Apple\nCVE-2015-1080 : Apple\nCVE-2015-1081 : Apple\nCVE-2015-1082 : Apple\nCVE-2015-1083 : Apple\nCVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung\nElectronics\nCVE-2015-1120 : Apple\nCVE-2015-1121 : Apple\nCVE-2015-1122 : Apple\nCVE-2015-1123 : Randy Luecke and Anoop Menon of Google Inc. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e General -\u003e Update Software\". \n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT1222\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJVJHMgAAoJEBcWfLTuOo7tjVUP/3e7Bo8L4f4+EFs7jkhKVzP5\n6LxAuhAtXu+476K1iDKOwa0gyLu8ftp95Af0rgUHjqmNGgsrAYZPgG8Q3HzS/RpK\n1JyShFHNIF87sqVGYfVpRthO10yRAQxNmJ/6zGTRU/Djwb/FBZyrMcbG0SMZ47KX\nCerNerPwiI7dzKWWNHgvmj9ydJU9bSyI5bgweQ565BLKs0Lar8aqj6A/iV1Ekltn\nA33LSrgMTgK+pjUl1CwQLZ05x9YPpCGXsA55u3MApfL2ZdoOk0VBpi/e56JrSq1J\nBioCyTJn+DwDY+FjGg5vCjeGJGq4zQ/2SsLQwKLiK6Fje68LutNtrqPtNApWabh3\nj876IiLpih2ZMV4KgqvCrkkMI2fkXlVOMLKUhI+UHJ4aWJTNprRwLbaJ7boQ9TCy\nMJ9B39iPJtyZWtorXBUc0RC2N1HLj5ONZut6FtRkIoiMTaGe6ejbvM39BWC+1sgW\nPsAYkvrEKzTcSdC6yY1RI2bufBD9SgtMD8f6y/q912uHf55poPSR9SV1iV5Tzftz\nUPvxGTLlmcXzU52nlSZNYEp4U9Nh02ltUYhs6MptoVvHf4MZW9TaIj9YpBNdVMvb\nvjB3UoPyAAb4GUqqVK6l5c6wlCyoCRg6Z86a99bW7PKBUP5C0LEzqwbZIMCkrX3i\niPMObURhCq+xIYRUTKXE\n=ktgN\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1097"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      },
      {
        "db": "BID",
        "id": "73983"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79057"
      },
      {
        "db": "PACKETSTORM",
        "id": "131361"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1097",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "73983",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1032050",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU91828320",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002172",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-123",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-79057",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131361",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79057"
      },
      {
        "db": "BID",
        "id": "73983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      },
      {
        "db": "PACKETSTORM",
        "id": "131361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-123"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1097"
      }
    ]
  },
  "id": "VAR-201504-0113",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79057"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:22:26.097000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-04-08-3 iOS 8.3",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
      },
      {
        "title": "APPLE-SA-2015-04-08-4 Apple TV 7.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
      },
      {
        "title": "HT204661",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/HT204661"
      },
      {
        "title": "HT204662",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/HT204662"
      },
      {
        "title": "HT204661",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204661"
      },
      {
        "title": "HT204662",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204662"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1097"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/73983"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204661"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204662"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032050"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1097"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91828320/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1097"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1099"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1101"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1073"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1102"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1083"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1069"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1092"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1079"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1076"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1104"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1077"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1103"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1097"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1070"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1071"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1096"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1100"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1072"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1082"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1081"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1080"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1078"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1074"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79057"
      },
      {
        "db": "BID",
        "id": "73983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      },
      {
        "db": "PACKETSTORM",
        "id": "131361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-123"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1097"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-79057"
      },
      {
        "db": "BID",
        "id": "73983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      },
      {
        "db": "PACKETSTORM",
        "id": "131361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-123"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1097"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79057"
      },
      {
        "date": "2015-04-08T00:00:00",
        "db": "BID",
        "id": "73983"
      },
      {
        "date": "2015-04-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      },
      {
        "date": "2015-04-09T16:39:51",
        "db": "PACKETSTORM",
        "id": "131361"
      },
      {
        "date": "2015-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-123"
      },
      {
        "date": "2015-04-10T14:59:13.577000",
        "db": "NVD",
        "id": "CVE-2015-1097"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79057"
      },
      {
        "date": "2015-07-15T00:04:00",
        "db": "BID",
        "id": "73983"
      },
      {
        "date": "2015-04-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-123"
      },
      {
        "date": "2024-11-21T02:24:39.783000",
        "db": "NVD",
        "id": "CVE-2015-1097"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-123"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS and  Apple TV of  IOMobileFramebuffer Vulnerability in which important information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002172"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-123"
      }
    ],
    "trust": 0.6
  }
}

ghsa-2mj2-v476-v72f

Vulnerability from github

Published

2022-05-14 01:25

Modified

2022-05-14 01:25

Details

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-04-10T14:59:00Z",
    "severity": "LOW"
  },
  "details": "IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.",
  "id": "GHSA-2mj2-v476-v72f",
  "modified": "2022-05-14T01:25:51Z",
  "published": "2022-05-14T01:25:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1097"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204661"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204662"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/73983"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032050"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2015-AVI-147

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS versions antérieures à 8.3
Apple	N/A	Apple TV versions antérieures à 7.2
Apple	N/A	Apple Xcode versions antérieures à 6.3

References

Title

Publication Time

gsd-2015-1097

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

Aliases

CVE-2015-1097

Aliases

CVE-2015-1097

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1097",
    "description": "IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.",
    "id": "GSD-2015-1097"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1097"
      ],
      "details": "IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.",
      "id": "GSD-2015-1097",
      "modified": "2023-12-13T01:20:05.452804Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-1097",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2015-04-08-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
          },
          {
            "name": "73983",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/73983"
          },
          {
            "name": "1032050",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032050"
          },
          {
            "name": "https://support.apple.com/HT204662",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204662"
          },
          {
            "name": "APPLE-SA-2015-04-08-4",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
          },
          {
            "name": "https://support.apple.com/HT204661",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204661"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1097"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT204662",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204662"
            },
            {
              "name": "APPLE-SA-2015-04-08-3",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
            },
            {
              "name": "APPLE-SA-2015-04-08-4",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
            },
            {
              "name": "https://support.apple.com/HT204661",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204661"
            },
            {
              "name": "1032050",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032050"
            },
            {
              "name": "73983",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/73983"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2015-04-10T14:59Z"
    }
  }
}

cnvd-2015-02317

Vulnerability from cnvd

Title

Apple iOS MobileFrameBuffer内存泄露漏洞

Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple iOS MobileFrameBuffer存在内存内容泄露漏洞，允许本地攻击者利用漏洞获取敏感信息。

Severity

中

Patch Name

Apple iOS MobileFrameBuffer内存泄露漏洞的补丁

Patch Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple iOS MobileFrameBuffer存在内存内容泄露漏洞，允许本地攻击者利用漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Apple iOS 8.3已经修复该漏洞，建议用户下载更新： https://www.apple.com

Reference

https://support.apple.com/en-us/HT204661

Impacted products

Name
['Apple iPad >=2', 'Apple iPhone >= 4s', 'Apple iPod Touch >= 5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1097"
    }
  },
  "description": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS MobileFrameBuffer\u5b58\u5728\u5185\u5b58\u5185\u5bb9\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Barak Gabai of the IBM X-Force Application Security Research Team",
  "formalWay": "Apple iOS 8.3\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://www.apple.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02317",
  "openTime": "2015-04-13",
  "patchDescription": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS MobileFrameBuffer\u5b58\u5728\u5185\u5b58\u5185\u5bb9\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS MobileFrameBuffer\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple iPad \u003e=2",
      "Apple iPhone \u003e= 4s",
      "Apple iPod Touch \u003e= 5"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/HT204661",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-09",
  "title": "Apple iOS MobileFrameBuffer\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e"
}

fkie_cve-2015-1097

Vulnerability from fkie_nvd

Published

2015-04-10 14:59

Modified

2025-04-12 10:46

Severity ?

Summary

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/73983
product-security@apple.com	http://www.securitytracker.com/id/1032050
product-security@apple.com	https://support.apple.com/HT204661	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT204662	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73983
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032050
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204661	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204662	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	iphone_os	*
	apple	tvos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0340315-35F7-4736-854B-852916D00673",
              "versionEndIncluding": "8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98C1F4A-0A10-42CF-ABD5-A2248D55C7F0",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app."
    },
    {
      "lang": "es",
      "value": "IOMobileFramebuffer en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 permite a atacantes obtener informaci\u00f3n sensible sobre la memoria del kernel a trav\u00e9s de una aplicaci\u00f3n manipulada."
    }
  ],
  "id": "CVE-2015-1097",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-10T14:59:13.577",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/73983"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1032050"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204661"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204662"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-1097 (GCVE-0-2015-1097)

Vulnerability from cvelistv5

var-201504-0113

Vulnerability from variot

ghsa-2mj2-v476-v72f

Vulnerability from github

CERTFR-2015-AVI-147

Vulnerability from certfr_avis

Solution

gsd-2015-1097

Vulnerability from gsd

cnvd-2015-02317

Vulnerability from cnvd

fkie_cve-2015-1097

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature