CVE-2015-1065 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 54.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple About Security Update 2015-003 +1 more

Timeline

PublishedMar 12

Latest updateMay 17

Description

Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 5.5 | Impact: 6.4

Affected Packages4 packages

▶NVDapple/mac_os_x10.10.2

▶NVDapple/iphone_os8.1.3

▶Appleapple/ios8.2

▶Appleapple/about_security_update_2015-003

🔴Vulnerability Details

GHSA

GHSA-j6gv-92m5-c6j9: Multiple buffer overflows in iCloud Keychain in Apple iOS before 8↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2015-1065: iOS 8.2↗

▶

Apple

CVE-2015-1065: About Security Update 2015-003↗

▶