var-201504-0120
Vulnerability from variot
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. Apple TV/Mac OS X/iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges, conduct phishing attacks and perform other attacks. Failed attacks may cause denial-of-service conditions. A remote attacker can exploit this vulnerability by sending specially crafted packets to bypass established network-filtering protection mechanisms. The following products and versions are affected: Apple iOS 8.2 and earlier, Apple OS X 10.10.2 and earlier, Apple TV 7.1 and earlier. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2015-04-08-4 Apple TV 7.2
Apple TV 7.2 is now available and addresses the following:
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in IOKit objects used by an audio driver. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-1086
Apple TV Available for: Apple TV 3rd generation and later Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2015-1092 : Ikuya Fukumoto
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOAcceleratorFamily that led to the disclosure of kernel memory content. This issue was addressed by removing unneeded code. CVE-ID CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in MobileFrameBuffer that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security Research Team
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd
Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on iOS. This issue was addressed by disabling ICMP redirects. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team
Apple TV Available for: Apple TV 3rd generation and later Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io
Apple TV Available for: Apple TV 3rd generation and later Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.
Apple TV Available for: Apple TV 3rd generation and later Impact: Unnecessary information may be sent to external servers when downloading podcast assets Description: When downloading assets for podcast a user was subscribed to, unique identifiers were sent to external servers. This issue was resolved by removing these identifiers. CVE-ID CVE-2015-1110 : Alex Selivanov
Apple TV Available for: Apple TV 3rd generation and later Impact: Hardware identifiers may be accessible by third-party apps Description: An information disclosure issue existed in the third- party app sandbox. This issue was addressed by improving the sandbox profile. CVE-ID CVE-2015-1114
Apple TV Available for: Apple TV 3rd generation and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1068 : Apple CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative CVE-2015-1070 : Apple CVE-2015-1071 : Apple CVE-2015-1072 CVE-2015-1073 : Apple CVE-2015-1074 : Apple CVE-2015-1076 CVE-2015-1077 : Apple CVE-2015-1078 : Apple CVE-2015-1079 : Apple CVE-2015-1080 : Apple CVE-2015-1081 : Apple CVE-2015-1082 : Apple CVE-2015-1083 : Apple CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2015-1120 : Apple CVE-2015-1121 : Apple CVE-2015-1122 : Apple CVE-2015-1123 : Randy Luecke and Anoop Menon of Google Inc. CVE-2015-1124 : Apple
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software".
To check the current version of software, select "Settings -> General -> About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJVJHMgAAoJEBcWfLTuOo7tjVUP/3e7Bo8L4f4+EFs7jkhKVzP5 6LxAuhAtXu+476K1iDKOwa0gyLu8ftp95Af0rgUHjqmNGgsrAYZPgG8Q3HzS/RpK 1JyShFHNIF87sqVGYfVpRthO10yRAQxNmJ/6zGTRU/Djwb/FBZyrMcbG0SMZ47KX CerNerPwiI7dzKWWNHgvmj9ydJU9bSyI5bgweQ565BLKs0Lar8aqj6A/iV1Ekltn A33LSrgMTgK+pjUl1CwQLZ05x9YPpCGXsA55u3MApfL2ZdoOk0VBpi/e56JrSq1J BioCyTJn+DwDY+FjGg5vCjeGJGq4zQ/2SsLQwKLiK6Fje68LutNtrqPtNApWabh3 j876IiLpih2ZMV4KgqvCrkkMI2fkXlVOMLKUhI+UHJ4aWJTNprRwLbaJ7boQ9TCy MJ9B39iPJtyZWtorXBUc0RC2N1HLj5ONZut6FtRkIoiMTaGe6ejbvM39BWC+1sgW PsAYkvrEKzTcSdC6yY1RI2bufBD9SgtMD8f6y/q912uHf55poPSR9SV1iV5Tzftz UPvxGTLlmcXzU52nlSZNYEp4U9Nh02ltUYhs6MptoVvHf4MZW9TaIj9YpBNdVMvb vjB3UoPyAAb4GUqqVK6l5c6wlCyoCRg6Z86a99bW7PKBUP5C0LEzqwbZIMCkrX3i iPMObURhCq+xIYRUTKXE =ktgN -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0120",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "8.2"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.2"
},
{
"model": "tvos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "tv",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.2 (apple tv first 3 after generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.3 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.3 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.3 (ipod touch first 5 after generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "1.0.1 (apple watch edition)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "1.0.1 (apple watch sport)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "1.0.1 (apple watch)"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "8.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.10.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
}
],
"sources": [
{
"db": "BID",
"id": "73981"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002160"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-129"
},
{
"db": "NVD",
"id": "CVE-2015-1104"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002160"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lokihardt@ASRT working with HP\u0027s Zero Day Initiative, Luca Todesco, Ilja van Sprundel of IOActive, Mark Mentovai of Google Inc, Zimperium Mobile Security Labs, Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab, Maxime Villard of m00nbsd, lokihardt@ASRT",
"sources": [
{
"db": "BID",
"id": "73981"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1104",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-1104",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-79064",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1104",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-1104",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-129",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-79064",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-1104",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79064"
},
{
"db": "VULMON",
"id": "CVE-2015-1104"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002160"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-129"
},
{
"db": "NVD",
"id": "CVE-2015-1104"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. Apple TV/Mac OS X/iOS are prone to multiple security vulnerabilities. \nAttackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges, conduct phishing attacks and perform other attacks. Failed attacks may cause denial-of-service conditions. A remote attacker can exploit this vulnerability by sending specially crafted packets to bypass established network-filtering protection mechanisms. The following products and versions are affected: Apple iOS 8.2 and earlier, Apple OS X 10.10.2 and earlier, Apple TV 7.1 and earlier. This issue, also\nknown as FREAK, only affected connections to servers which support\nexport-strength RSA cipher suites, and was addressed by removing\nsupport for ephemeral RSA keys. \nCVE-ID\nCVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nProsecco at Inria Paris\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/en-us/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2015-04-08-4 Apple TV 7.2\n\nApple TV 7.2 is now available and addresses the following:\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in IOKit objects used by an\naudio driver. This issue was addressed through improved validation of\nmetadata. \nCVE-ID\nCVE-2015-1086\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: An application using NSXMLParser may be misused to disclose\ninformation\nDescription: An XML External Entity issue existed in NSXMLParser\u0027s\nhandling of XML. This issue was addressed by not loading external\nentities across origins. \nCVE-ID\nCVE-2015-1092 : Ikuya Fukumoto\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in IOAcceleratorFamily that led to the\ndisclosure of kernel memory content. This issue was addressed by\nremoving unneeded code. \nCVE-ID\nCVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious HID device may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in MobileFrameBuffer that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security\nResearch Team\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to cause a system denial\nof service\nDescription: A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription: setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to cause unexpected\nsystem termination or read kernel memory\nDescription: A out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: An attacker with a privileged network position may be able\nto cause a denial of service\nDescription: A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription: ICMP redirects were enabled by default on iOS. This\nissue was addressed by disabling ICMP redirects. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription: A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: Unnecessary information may be sent to external servers when\ndownloading podcast assets\nDescription: When downloading assets for podcast a user was\nsubscribed to, unique identifiers were sent to external servers. This\nissue was resolved by removing these identifiers. \nCVE-ID\nCVE-2015-1110 : Alex Selivanov\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: Hardware identifiers may be accessible by third-party apps\nDescription: An information disclosure issue existed in the third-\nparty app sandbox. This issue was addressed by improving the sandbox\nprofile. \nCVE-ID\nCVE-2015-1114\n\nApple TV\nAvailable for: Apple TV 3rd generation and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-1068 : Apple\nCVE-2015-1069 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\nCVE-2015-1070 : Apple\nCVE-2015-1071 : Apple\nCVE-2015-1072\nCVE-2015-1073 : Apple\nCVE-2015-1074 : Apple\nCVE-2015-1076\nCVE-2015-1077 : Apple\nCVE-2015-1078 : Apple\nCVE-2015-1079 : Apple\nCVE-2015-1080 : Apple\nCVE-2015-1081 : Apple\nCVE-2015-1082 : Apple\nCVE-2015-1083 : Apple\nCVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung\nElectronics\nCVE-2015-1120 : Apple\nCVE-2015-1121 : Apple\nCVE-2015-1122 : Apple\nCVE-2015-1123 : Randy Luecke and Anoop Menon of Google Inc. \nCVE-2015-1124 : Apple\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e General -\u003e Update Software\". \n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT1222\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJVJHMgAAoJEBcWfLTuOo7tjVUP/3e7Bo8L4f4+EFs7jkhKVzP5\n6LxAuhAtXu+476K1iDKOwa0gyLu8ftp95Af0rgUHjqmNGgsrAYZPgG8Q3HzS/RpK\n1JyShFHNIF87sqVGYfVpRthO10yRAQxNmJ/6zGTRU/Djwb/FBZyrMcbG0SMZ47KX\nCerNerPwiI7dzKWWNHgvmj9ydJU9bSyI5bgweQ565BLKs0Lar8aqj6A/iV1Ekltn\nA33LSrgMTgK+pjUl1CwQLZ05x9YPpCGXsA55u3MApfL2ZdoOk0VBpi/e56JrSq1J\nBioCyTJn+DwDY+FjGg5vCjeGJGq4zQ/2SsLQwKLiK6Fje68LutNtrqPtNApWabh3\nj876IiLpih2ZMV4KgqvCrkkMI2fkXlVOMLKUhI+UHJ4aWJTNprRwLbaJ7boQ9TCy\nMJ9B39iPJtyZWtorXBUc0RC2N1HLj5ONZut6FtRkIoiMTaGe6ejbvM39BWC+1sgW\nPsAYkvrEKzTcSdC6yY1RI2bufBD9SgtMD8f6y/q912uHf55poPSR9SV1iV5Tzftz\nUPvxGTLlmcXzU52nlSZNYEp4U9Nh02ltUYhs6MptoVvHf4MZW9TaIj9YpBNdVMvb\nvjB3UoPyAAb4GUqqVK6l5c6wlCyoCRg6Z86a99bW7PKBUP5C0LEzqwbZIMCkrX3i\niPMObURhCq+xIYRUTKXE\n=ktgN\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1104"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002160"
},
{
"db": "BID",
"id": "73981"
},
{
"db": "VULHUB",
"id": "VHN-79064"
},
{
"db": "VULMON",
"id": "CVE-2015-1104"
},
{
"db": "PACKETSTORM",
"id": "131932"
},
{
"db": "PACKETSTORM",
"id": "131361"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1104",
"trust": 3.1
},
{
"db": "SECTRACK",
"id": "1032048",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU91828320",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93832567",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002160",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-129",
"trust": 0.7
},
{
"db": "BID",
"id": "73981",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-79064",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-1104",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131361",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79064"
},
{
"db": "VULMON",
"id": "CVE-2015-1104"
},
{
"db": "BID",
"id": "73981"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002160"
},
{
"db": "PACKETSTORM",
"id": "131932"
},
{
"db": "PACKETSTORM",
"id": "131361"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-129"
},
{
"db": "NVD",
"id": "CVE-2015-1104"
}
]
},
"id": "VAR-201504-0120",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-79064"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:30:33.095000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"title": "APPLE-SA-2015-04-08-4 Apple TV 7.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"title": "APPLE-SA-2015-04-08-3 iOS 8.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"title": "APPLE-SA-2015-05-19-1 Watch OS 1.0.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/May/msg00001.html"
},
{
"title": "HT204662",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT204662"
},
{
"title": "HT204661",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT204661"
},
{
"title": "HT204870",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT204870"
},
{
"title": "HT204659",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT204659"
},
{
"title": "HT204870",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT204870"
},
{
"title": "HT204662",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204662"
},
{
"title": "HT204661",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204661"
},
{
"title": "HT204659",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204659"
},
{
"title": "OSXUpd10.10.3",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54848"
},
{
"title": "iPhone7,1_8.3_12F70_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54847"
},
{
"title": "AppleTV3,2_7.2_12F69_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54849"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002160"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-129"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79064"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002160"
},
{
"db": "NVD",
"id": "CVE-2015-1104"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00003.html"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht204659"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht204661"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht204662"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht204870"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1032048"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1104"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91828320/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93832567/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1104"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/appletv/features.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1104"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1099"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1101"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1096"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1102"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1105"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1103"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1092"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1100"
},
{
"trust": 0.2,
"url": "http://gpgtools.org"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1094"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/73981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1093"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/204873"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1067"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1117"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1083"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1079"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1097"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1071"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1082"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1081"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1080"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1078"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1074"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79064"
},
{
"db": "VULMON",
"id": "CVE-2015-1104"
},
{
"db": "BID",
"id": "73981"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002160"
},
{
"db": "PACKETSTORM",
"id": "131932"
},
{
"db": "PACKETSTORM",
"id": "131361"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-129"
},
{
"db": "NVD",
"id": "CVE-2015-1104"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-79064"
},
{
"db": "VULMON",
"id": "CVE-2015-1104"
},
{
"db": "BID",
"id": "73981"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002160"
},
{
"db": "PACKETSTORM",
"id": "131932"
},
{
"db": "PACKETSTORM",
"id": "131361"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-129"
},
{
"db": "NVD",
"id": "CVE-2015-1104"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-79064"
},
{
"date": "2015-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1104"
},
{
"date": "2015-04-08T00:00:00",
"db": "BID",
"id": "73981"
},
{
"date": "2015-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002160"
},
{
"date": "2015-05-20T22:44:42",
"db": "PACKETSTORM",
"id": "131932"
},
{
"date": "2015-04-09T16:39:51",
"db": "PACKETSTORM",
"id": "131361"
},
{
"date": "2015-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-129"
},
{
"date": "2015-04-10T14:59:20.047000",
"db": "NVD",
"id": "CVE-2015-1104"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-79064"
},
{
"date": "2019-03-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1104"
},
{
"date": "2015-07-15T00:04:00",
"db": "BID",
"id": "73981"
},
{
"date": "2015-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002160"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-129"
},
{
"date": "2024-11-21T02:24:40.800000",
"db": "NVD",
"id": "CVE-2015-1104"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-129"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Vulnerabilities that bypass the network filter protection mechanism in the product kernel",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002160"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-129"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.