CVE-2015-1067
published 2015-03-11


Priority: P433
CVSS 2.0: 4.3 (medium), vector AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 19.63% (97.1th percentile)

Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.

Affected

10 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | about_security_update_2015-002 | | |
| apple | apple_tv | | |
| apple | ios | | |
| apple | iphone_os | <= 8.1.3 | |
| apple | mac_os_x | <= 10.10.2 | |
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | | |
| apple | tvos | <= 7.0.3 | |
| apple | watch_os | | |
| microsoft | windows_server_2008 | | |
| microsoft | windows_server_2012 | | |