CVE-2015-5824Apple Iphone OS vulnerability

CWE-3105 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 73.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple Iphone OSApple MAC OS XApple IOS 9+3 more
Timeline
PublishedSep 18
Latest updateMay 17

Description

The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS vector

AV:A/AC:M/C:P/I:P/A:NExploitability: 5.5 | Impact: 4.9

Affected Packages6 packages

NVDapple/mac_os_x10.10.5
NVDapple/iphone_os8.4.1
Appleapple/ios_9
NVDapple/watchos1.0

🔴Vulnerability Details

1
GHSA
GHSA-2vrf-mpfc-8f68: The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X2022-05-17

📋Vendor Advisories

3
Apple
CVE-2015-5824: watchOS 2
Apple
CVE-2015-5824: iOS 9
Apple
CVE-2015-5824: OS X El Capitan v10.11