CVE-2015-1067 — Apple Iphone OS vulnerability

10 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

4.8%

top 10.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +7 more

Timeline

PublishedMar 11

Latest updateMay 14

Description

Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages9 packages

▶Appleapple/about_security_update_2015-002

▶Appleapple/os_x_yosemite_v10.10.3_and_security_update_2015-004

▶NVDapple/tvos7.0.3

▶NVDapple/mac_os_x10.10.2

▶NVDapple/iphone_os8.1.3

🔴Vulnerability Details

GHSA

GHSA-2cqr-v8j2-59fq: Secure Transport in Apple iOS before 8↗2022-05-14

▶

GHSA

GHSA-h5m2-xvgx-vpw7: Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, W↗2022-05-13

▶

📋Vendor Advisories

Apple

CVE-2015-1067: OS X Yosemite v10.10.3 and Security Update 2015-004↗

▶

Apple

CVE-2015-1067: Apple TV 7.1↗

▶

Apple

CVE-2015-1067: About Security Update 2015-002↗

▶

Apple

CVE-2015-1067: Watch OS 1.0.1↗

▶

Apple

CVE-2015-1067: iOS 8.2↗

▶