CVE-2015-7058Sensitive Information Exposure in Apple Iphone OS

CWE-200Sensitive Information Exposure5 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 32.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple Iphone OSApple MAC OS XApple Tvos+2 more
Timeline
PublishedDec 11
Latest updateMay 14

Description

Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages6 packages

NVDapple/tvos9.0
Appleapple/tvos9.1
NVDapple/mac_os_x10.11.1
Appleapple/ios9.2

🔴Vulnerability Details

1
GHSA
GHSA-wmrv-ccxm-mpc5: Apple iOS before 92022-05-14

📋Vendor Advisories

3
Apple
CVE-2015-7058: tvOS 9.1
Apple
CVE-2015-7058: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
Apple
CVE-2015-7058: iOS 9.2