CVE-2015-1086Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation7 documents4 sources
Severity
6.9MEDIUMNVD
EPSS
0.1%
top 82.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple Iphone OSApple TvosApple TV+1 more
Timeline
PublishedApr 10
Latest updateMay 14

Description

The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages4 packages

NVDapple/tvos7.1
Appleapple/ios8.3
Appleapple/apple_tv7.2

🔴Vulnerability Details

1
GHSA
GHSA-h4rm-4mch-g9mg: The Audio Drivers subsystem in Apple iOS before 82022-05-14

📋Vendor Advisories

2
Apple
CVE-2015-1086: Apple TV 7.2
Apple
CVE-2015-1086: iOS 8.3

💬Community

3
Bugzilla
CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11)2015-06-10
Bugzilla
CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)2015-06-10
Bugzilla
CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-112015-06-10