CVE-2015-3806Improper Access Control in Apple Iphone OS

CWE-284Improper Access Control5 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 83.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple Iphone OSApple MAC OS XApple TV+2 more
Timeline
PublishedAug 17
Latest updateMay 17

Description

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages5 packages

NVDapple/mac_os_x10.10.4
Appleapple/ios8.4.1
Appleapple/apple_tv7.2.1

🔴Vulnerability Details

1
GHSA
GHSA-c4h5-599q-45cc: Apple iOS before 82022-05-17

📋Vendor Advisories

3
Apple
CVE-2015-3806: iOS 8.4.1
Apple
CVE-2015-3806: Apple TV 7.2.1
Apple
CVE-2015-3806: OS X Yosemite v10.10.5 and Security Update 2015-006