CVE-2015-7001Apple Iphone OS vulnerability

CWE-2645 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.9%
top 24.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple Iphone OSApple MAC OS XApple Tvos+3 more
Timeline
PublishedDec 11
Latest updateMay 14

Description

AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages7 packages

NVDapple/tvos9.0
NVDapple/watchos2.0
Appleapple/watchos2.1
NVDapple/mac_os_x10.11.1

🔴Vulnerability Details

1
GHSA
GHSA-jw64-6xxx-h8p2: AppSandbox in Apple iOS before 92022-05-14

📋Vendor Advisories

3
Apple
CVE-2015-7001: iOS 9.2
Apple
CVE-2015-7001: watchOS 2.1
Apple
CVE-2015-7001: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks