CVE-2015-5837Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation4 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 33.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple Iphone OSApple IOS 9Apple Watchos 2+1 more
Timeline
PublishedSep 18
Latest updateMay 17

Description

PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

NVDapple/iphone_os8.4.1
Appleapple/ios_9
NVDapple/watchos1.0

🔴Vulnerability Details

1
GHSA
GHSA-v455-pq67-wwvm: PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise2022-05-17

📋Vendor Advisories

2
Apple
CVE-2015-5837: iOS 9
Apple
CVE-2015-5837: watchOS 2