cvelistv5 - cve-2015-7068

CVE-2015-7068 (GCVE-0-2015-7068)

Vulnerability from cvelistv5

Published

2015-12-11 11:00

Modified

2024-08-06 07:36

Severity ?

CWE

Summary

References

URL

Tags

product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html	Mailing List, Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/78719	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1034344	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT205635	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT205637	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT205640	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT205641	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/78719	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034344	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205635	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205637	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205640	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205641	Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:36:35.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205635"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205637"
          },
          {
            "name": "1034344",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034344"
          },
          {
            "name": "APPLE-SA-2015-12-08-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
          },
          {
            "name": "APPLE-SA-2015-12-08-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
          },
          {
            "name": "78719",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/78719"
          },
          {
            "name": "APPLE-SA-2015-12-08-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205641"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205640"
          },
          {
            "name": "APPLE-SA-2015-12-08-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-12T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205635"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205637"
        },
        {
          "name": "1034344",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034344"
        },
        {
          "name": "APPLE-SA-2015-12-08-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
        },
        {
          "name": "APPLE-SA-2015-12-08-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
        },
        {
          "name": "78719",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/78719"
        },
        {
          "name": "APPLE-SA-2015-12-08-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205641"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205640"
        },
        {
          "name": "APPLE-SA-2015-12-08-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-7068",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT205635",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205635"
            },
            {
              "name": "https://support.apple.com/HT205637",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205637"
            },
            {
              "name": "1034344",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034344"
            },
            {
              "name": "APPLE-SA-2015-12-08-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
            },
            {
              "name": "APPLE-SA-2015-12-08-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
            },
            {
              "name": "78719",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/78719"
            },
            {
              "name": "APPLE-SA-2015-12-08-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
            },
            {
              "name": "https://support.apple.com/HT205641",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205641"
            },
            {
              "name": "https://support.apple.com/HT205640",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205640"
            },
            {
              "name": "APPLE-SA-2015-12-08-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2015-7068",
    "datePublished": "2015-12-11T11:00:00",
    "dateReserved": "2015-09-16T00:00:00",
    "dateUpdated": "2024-08-06T07:36:35.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-7068\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2015-12-11T11:59:34.090\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.\"},{\"lang\":\"es\",\"value\":\"IOKit SCSI en Apple iOS en versiones anteriores a 9.2, OS X en versiones anteriores a 10.11.2, tvOS en versiones anteriores a 9.1 y watchOS en versiones anteriores a 2.1 permite a atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado o provocar una denegaci\u00f3n de servicio (referencia a puntero NULL) a trav\u00e9s de una aplicaci\u00f3n que proporciona un tipo userclient no especificado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2\",\"matchCriteriaId\":\"81442835-EA39-4881-872D-1C9187240E38\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.1\",\"matchCriteriaId\":\"13F4C5CF-ABD9-44C5-9109-371425F853ED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.1\",\"matchCriteriaId\":\"44C72A19-B4C6-43A0-A196-CEF4D2840359\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.11.2\",\"matchCriteriaId\":\"01F64564-E8D0-4EDB-95C0-66069C55FC5E\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/78719\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034344\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT205635\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205637\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205640\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205641\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/78719\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT205635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205641\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-xh7j-p2mw-685q

Vulnerability from github

Published

2022-05-14 01:16

Modified

2022-05-14 01:16

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-12-11T11:59:00Z",
    "severity": "HIGH"
  },
  "details": "IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.",
  "id": "GHSA-xh7j-p2mw-685q",
  "modified": "2022-05-14T01:16:07Z",
  "published": "2022-05-14T01:16:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7068"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205635"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205637"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205640"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205641"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/78719"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034344"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2015-08130

Vulnerability from cnvd

Title

Apple OS X OKit空指针引用任意代码执行漏洞

Description

Apple OS X是一款苹果公司开发的操作系统。 Apple OS X处理OKit存在空指针引用漏洞，允许攻击者利用漏洞以系统权限执行任意代码。

Severity

高

Patch Name

Apple OS X OKit空指针引用任意代码执行漏洞的补丁

Patch Description

Apple OS X是一款苹果公司开发的操作系统。 Apple OS X处理OKit存在空指针引用漏洞，允许攻击者利用漏洞以系统权限执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://support.apple.com/en-us/HT205637

Reference

https://support.apple.com/en-us/HT205637

Impacted products

Name
['Apple IOS <9.2', 'Apple tvOS <9.1', 'Apple OS X <10.11.2', 'Apple watchOS <2.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7068"
    }
  },
  "description": "Apple OS X\u662f\u4e00\u6b3e\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple OS X\u5904\u7406OKit\u5b58\u5728\u7a7a\u6307\u9488\u5f15\u7528\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Ian Beer of Google Project Zero",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/en-us/HT205637",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-08130",
  "openTime": "2015-12-15",
  "patchDescription": "Apple OS X\u662f\u4e00\u6b3e\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple OS X\u5904\u7406OKit\u5b58\u5728\u7a7a\u6307\u9488\u5f15\u7528\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple OS X OKit\u7a7a\u6307\u9488\u5f15\u7528\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple IOS \u003c9.2",
      "Apple tvOS \u003c9.1",
      "Apple OS X \u003c10.11.2",
      "Apple watchOS \u003c2.1"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/HT205637",
  "serverity": "\u9ad8",
  "submitTime": "2015-12-13",
  "title": "Apple OS X OKit\u7a7a\u6307\u9488\u5f15\u7528\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

De multiples vulnérabilités ont été corrigées dans Apple OS X. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple OS X El Capitan versions antérieures à 10.11.2
Apple	N/A	OS X Yosemite versions antérieures à Security Update 2015-008
Apple	N/A	OS X Mavericks versions antérieures à Security Update 2015-008

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205637 du 08 décembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple OS X El Capitan versions ant\u00e9rieures \u00e0 10.11.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite versions ant\u00e9rieures \u00e0 Security Update 2015-008",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Mavericks versions ant\u00e9rieures \u00e0 Security Update 2015-008",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7067"
    },
    {
      "name": "CVE-2015-7001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7001"
    },
    {
      "name": "CVE-2015-7075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7075"
    },
    {
      "name": "CVE-2015-7076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7076"
    },
    {
      "name": "CVE-2015-6908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6908"
    },
    {
      "name": "CVE-2015-7073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7073"
    },
    {
      "name": "CVE-2015-7094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7094"
    },
    {
      "name": "CVE-2015-7107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7107"
    },
    {
      "name": "CVE-2015-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7039"
    },
    {
      "name": "CVE-2015-7074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7074"
    },
    {
      "name": "CVE-2015-7060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7060"
    },
    {
      "name": "CVE-2015-7068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7068"
    },
    {
      "name": "CVE-2015-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3807"
    },
    {
      "name": "CVE-2015-7110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7110"
    },
    {
      "name": "CVE-2015-7058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7058"
    },
    {
      "name": "CVE-2015-7062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7062"
    },
    {
      "name": "CVE-2015-7043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7043"
    },
    {
      "name": "CVE-2015-7066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7066"
    },
    {
      "name": "CVE-2015-7077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7077"
    },
    {
      "name": "CVE-2015-7042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7042"
    },
    {
      "name": "CVE-2015-7109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7109"
    },
    {
      "name": "CVE-2012-1148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1148"
    },
    {
      "name": "CVE-2012-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
    },
    {
      "name": "CVE-2015-7105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7105"
    },
    {
      "name": "CVE-2015-7804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7804"
    },
    {
      "name": "CVE-2015-7106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7106"
    },
    {
      "name": "CVE-2015-7063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7063"
    },
    {
      "name": "CVE-2015-7081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7081"
    },
    {
      "name": "CVE-2015-7038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7038"
    },
    {
      "name": "CVE-2015-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7061"
    },
    {
      "name": "CVE-2015-7803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7803"
    },
    {
      "name": "CVE-2015-7053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7053"
    },
    {
      "name": "CVE-2015-7059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7059"
    },
    {
      "name": "CVE-2015-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
    },
    {
      "name": "CVE-2015-7046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7046"
    },
    {
      "name": "CVE-2015-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7064"
    },
    {
      "name": "CVE-2015-7078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7078"
    },
    {
      "name": "CVE-2015-7083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7083"
    },
    {
      "name": "CVE-2015-7108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7108"
    },
    {
      "name": "CVE-2015-7084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7084"
    },
    {
      "name": "CVE-2015-7112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7112"
    },
    {
      "name": "CVE-2015-5334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
    },
    {
      "name": "CVE-2015-7041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7041"
    },
    {
      "name": "CVE-2015-7044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7044"
    },
    {
      "name": "CVE-2015-7054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7054"
    },
    {
      "name": "CVE-2011-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
    },
    {
      "name": "CVE-2015-7111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7111"
    },
    {
      "name": "CVE-2012-1147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1147"
    },
    {
      "name": "CVE-2015-7047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7047"
    },
    {
      "name": "CVE-2015-7065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7065"
    },
    {
      "name": "CVE-2015-7071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7071"
    },
    {
      "name": "CVE-2015-7045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7045"
    },
    {
      "name": "CVE-2015-7040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7040"
    },
    {
      "name": "CVE-2015-7052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7052"
    }
  ],
  "initial_release_date": "2015-12-09T00:00:00",
  "last_revision_date": "2015-12-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-534",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205637 du 08 d\u00e9cembre 2015",
      "url": "https://support.apple.com/en-us/HT205637"
    }
  ]
}

CERTFR-2015-AVI-532

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple iOS. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iOS versions antérieures à 9.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205635 du 08 décembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple iOS versions ant\u00e9rieures \u00e0 9.2\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7001"
    },
    {
      "name": "CVE-2015-7075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7075"
    },
    {
      "name": "CVE-2015-7113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7113"
    },
    {
      "name": "CVE-2015-7073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7073"
    },
    {
      "name": "CVE-2015-7069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7069"
    },
    {
      "name": "CVE-2015-7094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7094"
    },
    {
      "name": "CVE-2015-7107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7107"
    },
    {
      "name": "CVE-2015-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7039"
    },
    {
      "name": "CVE-2015-7074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7074"
    },
    {
      "name": "CVE-2015-7098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7098"
    },
    {
      "name": "CVE-2015-7068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7068"
    },
    {
      "name": "CVE-2015-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3807"
    },
    {
      "name": "CVE-2015-7058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7058"
    },
    {
      "name": "CVE-2015-7043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7043"
    },
    {
      "name": "CVE-2015-7066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7066"
    },
    {
      "name": "CVE-2015-7042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7042"
    },
    {
      "name": "CVE-2015-7070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7070"
    },
    {
      "name": "CVE-2015-7097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7097"
    },
    {
      "name": "CVE-2015-7072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7072"
    },
    {
      "name": "CVE-2015-7105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7105"
    },
    {
      "name": "CVE-2015-7050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7050"
    },
    {
      "name": "CVE-2015-7079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7079"
    },
    {
      "name": "CVE-2015-7081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7081"
    },
    {
      "name": "CVE-2015-7038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7038"
    },
    {
      "name": "CVE-2015-7102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7102"
    },
    {
      "name": "CVE-2015-7096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7096"
    },
    {
      "name": "CVE-2015-7048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7048"
    },
    {
      "name": "CVE-2015-7100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7100"
    },
    {
      "name": "CVE-2015-7053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7053"
    },
    {
      "name": "CVE-2015-7046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7046"
    },
    {
      "name": "CVE-2015-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7064"
    },
    {
      "name": "CVE-2015-7083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7083"
    },
    {
      "name": "CVE-2015-7095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7095"
    },
    {
      "name": "CVE-2015-7103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7103"
    },
    {
      "name": "CVE-2015-7084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7084"
    },
    {
      "name": "CVE-2015-7112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7112"
    },
    {
      "name": "CVE-2015-7099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7099"
    },
    {
      "name": "CVE-2015-7037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7037"
    },
    {
      "name": "CVE-2015-7093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7093"
    },
    {
      "name": "CVE-2015-7041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7041"
    },
    {
      "name": "CVE-2015-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7055"
    },
    {
      "name": "CVE-2015-7054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7054"
    },
    {
      "name": "CVE-2011-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
    },
    {
      "name": "CVE-2015-7111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7111"
    },
    {
      "name": "CVE-2015-7051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7051"
    },
    {
      "name": "CVE-2015-7047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7047"
    },
    {
      "name": "CVE-2015-7065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7065"
    },
    {
      "name": "CVE-2015-7080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7080"
    },
    {
      "name": "CVE-2015-7101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7101"
    },
    {
      "name": "CVE-2015-7040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7040"
    }
  ],
  "initial_release_date": "2015-12-09T00:00:00",
  "last_revision_date": "2015-12-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-532",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205635 du 08 d\u00e9cembre 2015",
      "url": "https://support.apple.com/en-us/HT205635"
    }
  ]
}

gsd-2015-7068

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-7068

Aliases

CVE-2015-7068

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7068",
    "description": "IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.",
    "id": "GSD-2015-7068",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-7068"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7068"
      ],
      "details": "IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.",
      "id": "GSD-2015-7068",
      "modified": "2023-12-13T01:20:01.883652Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-7068",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT205635",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205635"
          },
          {
            "name": "https://support.apple.com/HT205637",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205637"
          },
          {
            "name": "1034344",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034344"
          },
          {
            "name": "APPLE-SA-2015-12-08-4",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
          },
          {
            "name": "APPLE-SA-2015-12-08-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
          },
          {
            "name": "78719",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/78719"
          },
          {
            "name": "APPLE-SA-2015-12-08-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
          },
          {
            "name": "https://support.apple.com/HT205641",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205641"
          },
          {
            "name": "https://support.apple.com/HT205640",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205640"
          },
          {
            "name": "APPLE-SA-2015-12-08-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.11.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-7068"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-12-08-2",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
            },
            {
              "name": "APPLE-SA-2015-12-08-3",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
            },
            {
              "name": "https://support.apple.com/HT205637",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205637"
            },
            {
              "name": "APPLE-SA-2015-12-08-1",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
            },
            {
              "name": "https://support.apple.com/HT205641",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205641"
            },
            {
              "name": "https://support.apple.com/HT205635",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205635"
            },
            {
              "name": "APPLE-SA-2015-12-08-4",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
            },
            {
              "name": "https://support.apple.com/HT205640",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205640"
            },
            {
              "name": "78719",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/78719"
            },
            {
              "name": "1034344",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1034344"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-03-25T17:52Z",
      "publishedDate": "2015-12-11T11:59Z"
    }
  }
}

fkie_cve-2015-7068

Vulnerability from fkie_nvd

Published

2015-12-11 11:59

Modified

2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html	Mailing List, Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/78719	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1034344	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT205635	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT205637	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT205640	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT205641	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/78719	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034344	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205635	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205637	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205640	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205641	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	iphone_os	*
apple	watchos	*
apple	tvos	*
apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81442835-EA39-4881-872D-1C9187240E38",
              "versionEndExcluding": "9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13F4C5CF-ABD9-44C5-9109-371425F853ED",
              "versionEndExcluding": "2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C72A19-B4C6-43A0-A196-CEF4D2840359",
              "versionEndExcluding": "9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01F64564-E8D0-4EDB-95C0-66069C55FC5E",
              "versionEndExcluding": "10.11.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type."
    },
    {
      "lang": "es",
      "value": "IOKit SCSI en Apple iOS en versiones anteriores a 9.2, OS X en versiones anteriores a 10.11.2, tvOS en versiones anteriores a 9.1 y watchOS en versiones anteriores a 2.1 permite a atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado o provocar una denegaci\u00f3n de servicio (referencia a puntero NULL) a trav\u00e9s de una aplicaci\u00f3n que proporciona un tipo userclient no especificado."
    }
  ],
  "id": "CVE-2015-7068",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2015-12-11T11:59:34.090",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/78719"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034344"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205635"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205637"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205640"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205641"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/78719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205641"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201512-0167

Vulnerability from variot

IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.2, watchOS 2.1, OS X 10.11.2, and tvOS 9.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A security vulnerability exists in the IOKit SCSI of several Apple products. The vulnerability is caused by the program not properly handling the userclient type. Description: An issue existed in how Keychain Access interacted with Keychain Agent. CVE-ID CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks

Installation note:

Apple TV will periodically check for software updates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2015-12-08-1 iOS 9.2

iOS 9.2 is now available and addresses the following:

AppleMobileFileIntegrity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An access control issue was addressed by preventing modification of access control structures. CVE-ID CVE-2015-7055 : Apple

AppSandbox Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may maintain access to Contacts after having access revoked Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox. CVE-ID CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt

CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to bypass HSTS Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and Muneaki Nishimura (nishimunea)

Compression Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams. CVE-ID CVE-2015-7054 : j00ru

CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team

CoreMedia Playback Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of malformed media files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7074 : Apple CVE-2015-7075

dyld Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple segment validation issues existed in dyld. These were addressed through improved environment sanitization. CVE-ID CVE-2015-7072 : Apple CVE-2015-7079 : PanguTeam

GPUTools Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple path validation issues existed in Mobile Replayer. These were addressed through improved environment sanitization. CVE-ID CVE-2015-7069 : Luca Todesco (@qwertyoruiop) CVE-2015-7070 : Luca Todesco (@qwertyoruiop)

iBooks Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: An XML external entity reference issue existed with iBook parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)

ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7053 : Apple

IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily API. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7111 : beist and ABH of BoB CVE-2015-7112 : Ian Beer of Google Project Zero

IOKit SCSI Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation. CVE-ID CVE-2015-7068 : Ian Beer of Google Project Zero

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-ID CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7043 : Tarjei Mandt (@kernelpool)

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7083 : Ian Beer of Google Project Zero CVE-2015-7084 : Ian Beer of Google Project Zero

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages. CVE-ID CVE-2015-7047 : Ian Beer of Google Project Zero

LaunchServices Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7113 : Olivier Goguel of Free Tools Association

libarchive Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling. CVE-ID CVE-2011-2895 : @practicalswift

libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7038 CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)

libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological University

MobileStorageMounter Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A timing issue existed in loading of the trust cache. This issue was resolved by validating the system environment before loading the trust cache. CVE-ID CVE-2015-7051 : PanguTeam

OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7064 : Apple CVE-2015-7065 : Apple CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks

Photos Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to use the backup system to access restricted areas of the file system Description: A path validation issue existed in Mobile Backup. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7037 : PanguTeam

QuickLook Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7107

Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue may have allowed a website to display content with a URL from a different website. This issue was addressed through improved URL handling. CVE-ID CVE-2015-7093 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)

Sandbox Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7046 : Apple

Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.

Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may gain access to a user's Keychain items Description: An issue existed in the validation of access control lists for keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-7058

Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: When a request was made to Siri, client side restrictions were not being checked by the server. This issue was addressed through improved restriction checking. CVE-ID CVE-2015-7080 : Or Safran (www.linkedin.com/profile/view?id=33912591)

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7048 : Apple CVE-2015-7095 : Apple CVE-2015-7096 : Apple CVE-2015-7097 : Apple CVE-2015-7098 : Apple CVE-2015-7099 : Apple CVE-2015-7100 : Apple CVE-2015-7101 : Apple CVE-2015-7102 : Apple CVE-2015-7103 : Apple

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: An insufficient input validation issue existed in content blocking. This issue was addressed through improved content extension parsing. CVE-ID CVE-2015-7050 : Luke Li and Jonathan Metzman

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "9.2".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWZzRMAAoJEBcWfLTuOo7tEKgQAJ9/T6vHx0rQLQBU32SytoMV qnU9gXfhENP6nWOb0r8Lz8h+xpH3TfqyFUdqLDZtkfZVYtgt4YZ7J1trLPgKXrl1 0tZqAl+iDqMnroawUK+TsWyNZcsrOnSxy1so83CDZkeG1vmt4OIFZ6NHNzTQDnXx +f13C5vHnsd2JryQ9pWGazpj4F1oi7J8B3I5F0AOzvq9kGOzwg35h1GYFYeU59J9 YHpLwDlCjD3rJojG0lIedC0HMqSHK++OxoAMQaLTzzI6qWfoZw9j1/kXlEQ8g/yK jOp9SceJJ2iBti7p7ID5fyF3zTK10zggfsq3jXwJKWdt84JobhnERiTHGBdzEEWq bip6UHKB36daTnAhA72GHn8hzc0c5JC9tQgWzwEpxEBEW/9iF99iY+q87rYxVt1J FyyCJpgSWJsEE9dA09P6+CY4xBGYFf+uOJIBnctJm+ofg8IM/VNaDffLLQ0OCYAs FgW258wuEn0ztV0sA4wX5rOiEa9rRHDFG6zn/zuyYmfR3fYa7xGVuBA5yp/EY0l1 zLWZrdgIBL21luETby773BFCwXMrg0+fchGLXS0TxSq6NVBtfqpRTFI/X24kjp79 X6gU4R4t3G5YoDXgKYLUcR3TT+I4x70dMu9oVK4tmaQmeA6n0pZwM3DVqywsPuYL /ohF4zrwzeJ8a/8oKLfe =Rjch -----END PGP SIGNATURE----- . CVE-ID CVE-2015-6997 : Apple

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About"

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0167",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "apple",
        "version": "10.11.1"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.2"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.2   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.2   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.2   (ipod touch first  5 after generation )"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1   (apple tv first  4 generation )"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.1   (apple watch edition)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.1   (apple watch hermes)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.1   (apple watch sport)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.1   (apple watch)"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78719"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-357"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7068"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:apple_tv",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:watchos",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt, j00ru, John Villamil (@day6reak),Yahoo Pentest Team",
    "sources": [
      {
        "db": "BID",
        "id": "78719"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-7068",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-7068",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-85029",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2015-7068",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7068",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7068",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-357",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85029",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-357"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7068"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result  in a denial-of-service condition. \nVersions prior to iOS 9.2, watchOS 2.1, OS X 10.11.2, and tvOS 9.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A security vulnerability exists in the IOKit SCSI of several Apple products. The vulnerability is caused by the program not properly handling the userclient type. \nDescription:  An issue existed in how Keychain Access interacted with\nKeychain Agent. \nCVE-ID\nCVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nInstallation note:\n\nApple TV will periodically check for software updates. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2015-12-08-1 iOS 9.2\n\niOS 9.2 is now available and addresses the following:\n\nAppleMobileFileIntegrity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An access control issue was addressed by preventing\nmodification of access control structures. \nCVE-ID\nCVE-2015-7055 : Apple\n\nAppSandbox\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may maintain access to Contacts\nafter having access revoked\nDescription:  An issue existed in the sandbox\u0027s handling of hard\nlinks. This issue was addressed through improved hardening of the app\nsandbox. \nCVE-ID\nCVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University\nPOLITEHNICA of Bucharest; Luke Deshotels and William Enck of North\nCarolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi\nof TU Darmstadt\n\nCFNetwork HTTPProtocol\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may be able\nto bypass HSTS\nDescription:  An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and\nMuneaki Nishimura (nishimunea)\n\nCompression\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  An uninitialized memory access issue existed in zlib. \nThis issue was addressed through improved memory initialization and\nadditional validation of zlib streams. \nCVE-ID\nCVE-2015-7054 : j00ru\n\nCoreGraphics\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team\n\nCoreMedia Playback\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of malformed media files. These issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-7074 : Apple\nCVE-2015-7075\n\ndyld\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple segment validation issues existed in dyld. \nThese were addressed through improved environment sanitization. \nCVE-ID\nCVE-2015-7072 : Apple\nCVE-2015-7079 : PanguTeam\n\nGPUTools Framework\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple path validation issues existed in Mobile\nReplayer. These were addressed through improved environment\nsanitization. \nCVE-ID\nCVE-2015-7069 : Luca Todesco (@qwertyoruiop)\nCVE-2015-7070 : Luca Todesco (@qwertyoruiop)\n\niBooks\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Parsing a maliciously crafted iBooks file may lead to\ndisclosure of user information\nDescription:  An XML external entity reference issue existed with\niBook parsing. This issue was addressed through improved parsing. \nCVE-ID\nCVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach\n(@ITSecurityguard)\n\nImageIO\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in ImageIO. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-7053 : Apple\n\nIOHIDFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple memory corruption issues existed in\nIOHIDFamily API. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7111 : beist and ABH of BoB\nCVE-2015-7112 : Ian Beer of Google Project Zero\n\nIOKit SCSI\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription:  A null pointer dereference existed in the handling of a\ncertain userclient type. This issue was addressed through improved\nvalidation. \nCVE-ID\nCVE-2015-7068 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local application may be able to cause a denial of service\nDescription:  Multiple denial of service issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7043 : Tarjei Mandt (@kernelpool)\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues existed in the\nkernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-7083 : Ian Beer of Google Project Zero\nCVE-2015-7084 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  An issue existed in the parsing of mach messages. This\nissue was addressed through improved validation of mach messages. \nCVE-ID\nCVE-2015-7047 : Ian Beer of Google Project Zero\n\nLaunchServices\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the processing of\nmalformed plists. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7113 : Olivier Goguel of Free Tools Association\n\nlibarchive\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in the processing of\narchives. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2011-2895 : @practicalswift\n\nlibc\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted package may lead to\narbitrary code execution\nDescription:  Multiple buffer overflows existed in the C standard\nlibrary. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-7038\nCVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)\n\nlibxml2\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  A memory corruption issue existed in the parsing of XML\nfiles. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\n\nMobileStorageMounter\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A timing issue existed in loading of the trust cache. \nThis issue was resolved by validating the system environment before\nloading the trust cache. \nCVE-ID\nCVE-2015-7051 : PanguTeam\n\nOpenGL\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in OpenGL. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-7064 : Apple\nCVE-2015-7065 : Apple\nCVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nPhotos\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to use the backup system to access\nrestricted areas of the file system\nDescription:  A path validation issue existed in Mobile Backup. This\nwas addressed through improved environment sanitization. \nCVE-ID\nCVE-2015-7037 : PanguTeam\n\nQuickLook\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7107\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  An issue may have allowed a website to display content\nwith a URL from a different website. This issue was addressed through\nimproved URL handling. \nCVE-ID\nCVE-2015-7093 : xisigr of Tencent\u0027s Xuanwu LAB (www.tencent.com)\n\nSandbox\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application with root privileges may be able to\nbypass kernel address space layout randomization\nDescription:  An insufficient privilege separation issue existed in\nxnu. This issue was addressed by improved authorization checks. \nCVE-ID\nCVE-2015-7046 : Apple\n\nSecurity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription:  A memory corruption issue existed in handling SSL\nhandshakes. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7073 : Benoit Foucher of ZeroC, Inc. \n\nSecurity\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may gain access to a user\u0027s Keychain\nitems\nDescription:  An issue existed in the validation of access control\nlists for keychain items. This issue was addressed through improved\naccess control list checks. \nCVE-ID\nCVE-2015-7058\n\nSiri\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to an iOS device may be able\nto use Siri to read notifications of content that is set not to be\ndisplayed at the lock screen\nDescription:  When a request was made to Siri, client side\nrestrictions were not being checked by the server. This issue was\naddressed through improved restriction checking. \nCVE-ID\nCVE-2015-7080 : Or Safran (www.linkedin.com/profile/view?id=33912591)\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-7048 : Apple\nCVE-2015-7095 : Apple\nCVE-2015-7096 : Apple\nCVE-2015-7097 : Apple\nCVE-2015-7098 : Apple\nCVE-2015-7099 : Apple\nCVE-2015-7100 : Apple\nCVE-2015-7101 : Apple\nCVE-2015-7102 : Apple\nCVE-2015-7103 : Apple\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may reveal a user\u0027s\nbrowsing history\nDescription:  An insufficient input validation issue existed in\ncontent blocking. This issue was addressed through improved content\nextension parsing. \nCVE-ID\nCVE-2015-7050 : Luke Li and Jonathan Metzman\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9.2\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJWZzRMAAoJEBcWfLTuOo7tEKgQAJ9/T6vHx0rQLQBU32SytoMV\nqnU9gXfhENP6nWOb0r8Lz8h+xpH3TfqyFUdqLDZtkfZVYtgt4YZ7J1trLPgKXrl1\n0tZqAl+iDqMnroawUK+TsWyNZcsrOnSxy1so83CDZkeG1vmt4OIFZ6NHNzTQDnXx\n+f13C5vHnsd2JryQ9pWGazpj4F1oi7J8B3I5F0AOzvq9kGOzwg35h1GYFYeU59J9\nYHpLwDlCjD3rJojG0lIedC0HMqSHK++OxoAMQaLTzzI6qWfoZw9j1/kXlEQ8g/yK\njOp9SceJJ2iBti7p7ID5fyF3zTK10zggfsq3jXwJKWdt84JobhnERiTHGBdzEEWq\nbip6UHKB36daTnAhA72GHn8hzc0c5JC9tQgWzwEpxEBEW/9iF99iY+q87rYxVt1J\nFyyCJpgSWJsEE9dA09P6+CY4xBGYFf+uOJIBnctJm+ofg8IM/VNaDffLLQ0OCYAs\nFgW258wuEn0ztV0sA4wX5rOiEa9rRHDFG6zn/zuyYmfR3fYa7xGVuBA5yp/EY0l1\nzLWZrdgIBL21luETby773BFCwXMrg0+fchGLXS0TxSq6NVBtfqpRTFI/X24kjp79\nX6gU4R4t3G5YoDXgKYLUcR3TT+I4x70dMu9oVK4tmaQmeA6n0pZwM3DVqywsPuYL\n/ohF4zrwzeJ8a/8oKLfe\n=Rjch\n-----END PGP SIGNATURE-----\n. \nCVE-ID\nCVE-2015-6997 : Apple\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/en-us/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      },
      {
        "db": "BID",
        "id": "78719"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85029"
      },
      {
        "db": "PACKETSTORM",
        "id": "134749"
      },
      {
        "db": "PACKETSTORM",
        "id": "134745"
      },
      {
        "db": "PACKETSTORM",
        "id": "134750"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-85029",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85029"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7068",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "78719",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1034344",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU97526033",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006346",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-357",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "135430",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39376",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-85029",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134749",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134745",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134750",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85029"
      },
      {
        "db": "BID",
        "id": "78719"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      },
      {
        "db": "PACKETSTORM",
        "id": "134749"
      },
      {
        "db": "PACKETSTORM",
        "id": "134745"
      },
      {
        "db": "PACKETSTORM",
        "id": "134750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-357"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7068"
      }
    ]
  },
  "id": "VAR-201512-0167",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85029"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:24:24.226000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "APPLE-SA-2015-12-08-1 iOS 9.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
      },
      {
        "title": "APPLE-SA-2015-12-08-4 watchOS 2.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
      },
      {
        "title": "APPLE-SA-2015-12-08-2 tvOS 9.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
      },
      {
        "title": "APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
      },
      {
        "title": "HT205635",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT205635"
      },
      {
        "title": "HT205641",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT205641"
      },
      {
        "title": "HT205640",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT205640"
      },
      {
        "title": "HT205637",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT205637"
      },
      {
        "title": "HT205641",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT205641"
      },
      {
        "title": "HT205640",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT205640"
      },
      {
        "title": "HT205637",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT205637"
      },
      {
        "title": "HT205635",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT205635"
      },
      {
        "title": "Multiple Apple product IOKit SCSI Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59175"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-357"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7068"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/78719"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205635"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205637"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205640"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205641"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034344"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7068"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97526033/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7068"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/accessibility/tvos/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/watchos-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7064"
      },
      {
        "trust": 0.3,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7047"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7046"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7068"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7043"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7053"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7042"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2895"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7001"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7039"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7072"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7040"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7054"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7041"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7073"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7038"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7066"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3807"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7055"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7048"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7060"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7058"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7059"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7051"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7065"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7061"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7045"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7062"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7050"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7070"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7037"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7069"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7074"
      },
      {
        "trust": 0.1,
        "url": "https://www.linkedin.com/profile/view?id=33912591)"
      },
      {
        "trust": 0.1,
        "url": "https://www.tencent.com)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6979"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6997"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6978"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7075"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7083"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7084"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7111"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85029"
      },
      {
        "db": "BID",
        "id": "78719"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      },
      {
        "db": "PACKETSTORM",
        "id": "134749"
      },
      {
        "db": "PACKETSTORM",
        "id": "134745"
      },
      {
        "db": "PACKETSTORM",
        "id": "134750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-357"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7068"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85029"
      },
      {
        "db": "BID",
        "id": "78719"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      },
      {
        "db": "PACKETSTORM",
        "id": "134749"
      },
      {
        "db": "PACKETSTORM",
        "id": "134745"
      },
      {
        "db": "PACKETSTORM",
        "id": "134750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-357"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7068"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85029"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "BID",
        "id": "78719"
      },
      {
        "date": "2015-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      },
      {
        "date": "2015-12-10T17:18:31",
        "db": "PACKETSTORM",
        "id": "134749"
      },
      {
        "date": "2015-12-10T17:02:06",
        "db": "PACKETSTORM",
        "id": "134745"
      },
      {
        "date": "2015-12-10T17:20:29",
        "db": "PACKETSTORM",
        "id": "134750"
      },
      {
        "date": "2015-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-357"
      },
      {
        "date": "2015-12-11T11:59:34.090000",
        "db": "NVD",
        "id": "CVE-2015-7068"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85029"
      },
      {
        "date": "2016-01-12T02:01:00",
        "db": "BID",
        "id": "78719"
      },
      {
        "date": "2015-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      },
      {
        "date": "2019-03-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-357"
      },
      {
        "date": "2024-11-21T02:36:09.747000",
        "db": "NVD",
        "id": "CVE-2015-7068"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-357"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product  IOKit SCSI Vulnerable to arbitrary code execution in a privileged context",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006346"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-357"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-7068 (GCVE-0-2015-7068)

Vulnerability from cvelistv5

ghsa-xh7j-p2mw-685q

Vulnerability from github

cnvd-2015-08130

Vulnerability from cnvd

CERTFR-2015-AVI-534

Vulnerability from certfr_avis

Solution

CERTFR-2015-AVI-532

Vulnerability from certfr_avis

Solution

gsd-2015-7068

Vulnerability from gsd

fkie_cve-2015-7068

Vulnerability from fkie_nvd

var-201512-0167

Vulnerability from variot

Tags

Sightings

Nomenclature