CVE-2015-7055Improper Access Control in Apple Iphone OS

CWE-284Improper Access Control4 documents3 sources
Severity
9.3CRITICALNVD
EPSS
0.6%
top 29.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple Iphone OSApple TvosApple IOS
Timeline
PublishedDec 11
Latest updateMay 14

Description

AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDapple/tvos9.0
Appleapple/tvos9.1
Appleapple/ios9.2

🔴Vulnerability Details

1
GHSA
GHSA-4wg4-2x9g-fh28: AppleMobileFileIntegrity in Apple iOS before 92022-05-14

📋Vendor Advisories

2
Apple
CVE-2015-7055: iOS 9.2
Apple
CVE-2015-7055: tvOS 9.1
CVE-2015-7055 — Improper Access Control in Apple | cvebase