CVE-2015-7046Sensitive Information Exposure in Apple Iphone OS

CWE-200Sensitive Information Exposure5 documents3 sources
Severity
2.6LOWNVD
EPSS
0.7%
top 27.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple Iphone OSApple MAC OS XApple Tvos+3 more
Timeline
PublishedDec 11
Latest updateMay 14

Description

The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages7 packages

NVDapple/tvos9.0
NVDapple/watchos2.0
Appleapple/watchos2.1
NVDapple/mac_os_x10.11.1

🔴Vulnerability Details

1
GHSA
GHSA-9g8f-x73j-4gc9: The Sandbox feature in xnu in Apple iOS before 92022-05-14

📋Vendor Advisories

3
Apple
CVE-2015-7046: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
Apple
CVE-2015-7046: watchOS 2.1
Apple
CVE-2015-7046: iOS 9.2