CVE-2015-7072Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation5 documents3 sources
Severity
9.3CRITICALNVD
EPSS
1.0%
top 22.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple Iphone OSApple TvosApple Watchos+1 more
Timeline
PublishedDec 11
Latest updateMay 14

Description

dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages6 packages

NVDapple/tvos9.0
NVDapple/watchos2.0
Appleapple/tvos9.1
Appleapple/watchos2.1

🔴Vulnerability Details

1
GHSA
GHSA-mpxf-6pp6-m5gr: dyld in Apple iOS before 92022-05-14

📋Vendor Advisories

3
Apple
CVE-2015-7072: iOS 9.2
Apple
CVE-2015-7072: watchOS 2.1
Apple
CVE-2015-7072: tvOS 9.1
CVE-2015-7072 — Improper Input Validation in Apple | cvebase