CVE-2015-7079 — Improper Input Validation in Apple Iphone OS

CWE-20 — Improper Input Validation4 documents3 sources

Severity

9.3CRITICALNVD

EPSS

1.1%

top 21.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Tvos Apple IOS

Timeline

PublishedDec 11

Latest updateMay 14

Description

dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDapple/tvos9.0

▶Appleapple/tvos9.1

▶NVDapple/iphone_os9.1

▶Appleapple/ios9.2

🔴Vulnerability Details

GHSA

GHSA-jgwh-g567-4w8r: dyld in Apple iOS before 9↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2015-7079: iOS 9.2↗

▶

Apple

CVE-2015-7079: tvOS 9.1↗

▶