CVE-2015-7054Apple Iphone OS vulnerability

CWE-196 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
1.1%
top 21.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple Iphone OSApple MAC OS XApple Tvos+3 more
Timeline
PublishedDec 11
Latest updateMay 14

Description

zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages8 packages

NVDapple/tvos9.0
NVDapple/watchos2.0
Appleapple/tvos9.1
Appleapple/watchos2.1
NVDapple/mac_os_x10.11.1

🔴Vulnerability Details

1
GHSA
GHSA-g5xh-pq76-vwg7: zlib in the Compression component in Apple iOS before 92022-05-14

📋Vendor Advisories

4
Apple
CVE-2015-7054: watchOS 2.1
Apple
CVE-2015-7054: iOS 9.2
Apple
CVE-2015-7054: tvOS 9.1
Apple
CVE-2015-7054: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks