CVE-2015-1061 — Code Injection in Apple Iphone OS

CWE-94 — Code Injection7 documents4 sources

Severity

9.3CRITICALNVD

OSV7.6

EPSS

5.4%

top 9.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +4 more

Timeline

PublishedMar 12

Latest updateJul 11

Description

IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages7 packages

▶NVDapple/tvos7.0.3

▶NVDapple/mac_os_x10.10.2

▶NVDapple/iphone_os8.1.3

▶Appleapple/ios8.2

▶Appleapple/apple_tv7.1

🔴Vulnerability Details

OSV

python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12 vulnerabilities↗2024-07-11

▶

GHSA

GHSA-vm87-xq8q-f9xp: IOSurface in Apple iOS before 8↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2015-1061: About Security Update 2015-002↗

▶

Apple

CVE-2015-1061: About Security Update 2015-003↗

▶

Apple

CVE-2015-1061: iOS 8.2↗

▶

Apple

CVE-2015-1061: Apple TV 7.1↗

▶