Vulnerability-Lookup

CVE-2015-1092 (GCVE-0-2015-1092)

Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33

Summary

Severity

No CVSS data available.

CWE

Assigner

apple

References

7 references

URL	Tags
https://support.apple.com/kb/HT204870	x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://www.securityfocus.com/bid/73983	vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1032050	vdb-entryx_refsource_SECTRACK
https://support.apple.com/HT204662	x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
https://support.apple.com/HT204661	x_refsource_CONFIRM

Date Public

2015-04-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:33:20.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT204870"
          },
          {
            "name": "APPLE-SA-2015-04-08-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
          },
          {
            "name": "73983",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73983"
          },
          {
            "name": "1032050",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032050"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204662"
          },
          {
            "name": "APPLE-SA-2015-04-08-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204661"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT204870"
        },
        {
          "name": "APPLE-SA-2015-04-08-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
        },
        {
          "name": "73983",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73983"
        },
        {
          "name": "1032050",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032050"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204662"
        },
        {
          "name": "APPLE-SA-2015-04-08-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204661"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1092",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/kb/HT204870",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT204870"
            },
            {
              "name": "APPLE-SA-2015-04-08-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
            },
            {
              "name": "73983",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73983"
            },
            {
              "name": "1032050",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032050"
            },
            {
              "name": "https://support.apple.com/HT204662",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204662"
            },
            {
              "name": "APPLE-SA-2015-04-08-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
            },
            {
              "name": "https://support.apple.com/HT204661",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204661"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2015-1092",
    "datePublished": "2015-04-10T14:00:00.000Z",
    "dateReserved": "2015-01-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:33:20.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2015-1092",
      "date": "2026-06-01",
      "epss": "0.00823",
      "percentile": "0.74741"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.1\", \"matchCriteriaId\": \"B98C1F4A-0A10-42CF-ABD5-A2248D55C7F0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.2\", \"matchCriteriaId\": \"C0340315-35F7-4736-854B-852916D00673\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.\"}, {\"lang\": \"es\", \"value\": \"NSXMLParser en Foundation en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 permite a atacantes remotos leer ficheros arbitrarios a trav\\u00e9s de una declaraci\\u00f3n de entidad externa en conjunto con una referencia de entidad, relacionado con una problema de entidad externa XML (XXE).\"}]",
      "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e\n",
      "id": "CVE-2015-1092",
      "lastModified": "2024-11-21T02:24:39.093",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-04-10T14:59:08.657",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/73983\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securitytracker.com/id/1032050\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT204661\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT204662\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT204870\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/73983\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032050\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT204661\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT204662\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT204870\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-1092\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2015-04-10T14:59:08.657\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.\"},{\"lang\":\"es\",\"value\":\"NSXMLParser en Foundation en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de una declaraci\u00f3n de entidad externa en conjunto con una referencia de entidad, relacionado con una problema de entidad externa XML (XXE).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.1\",\"matchCriteriaId\":\"B98C1F4A-0A10-42CF-ABD5-A2248D55C7F0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.2\",\"matchCriteriaId\":\"C0340315-35F7-4736-854B-852916D00673\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/73983\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securitytracker.com/id/1032050\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT204661\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT204662\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT204870\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/73983\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT204661\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT204662\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT204870\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/611.html\\\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e\\n\"}}"
  }
}

CERTFR-2015-AVI-147

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS versions antérieures à 8.3
Apple	N/A	Apple TV versions antérieures à 7.2
Apple	N/A	Apple Xcode versions antérieures à 6.3

References

Title

Publication Time

CERTFR-2015-AVI-147

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS versions antérieures à 8.3
Apple	N/A	Apple TV versions antérieures à 7.2
Apple	N/A	Apple Xcode versions antérieures à 6.3

References

Title

Publication Time

CNVD-2015-02314

Vulnerability from cnvd - Published: 2015-04-13

Title

Apple iOS NSXMLParser XML处理信息泄露漏洞

Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple iOS NSXMLParser处理XML存在XML外部实体引用漏洞。允许攻击者利用漏洞获取敏感信息。

Severity

中

Patch Name

Apple iOS NSXMLParser XML处理信息泄露漏洞的补丁

Patch Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。Apple iOS NSXMLParser处理XML存在XML外部实体引用漏洞。允许攻击者利用漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Apple iOS 8.3已经修复该漏洞，建议用户下载更新： https://www.apple.com

Reference

https://support.apple.com/en-us/HT204661

Impacted products

Name
['Apple iPad >=2', 'Apple iPhone >= 4s', 'Apple iPod Touch >= 5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1092"
    }
  },
  "description": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS NSXMLParser\u5904\u7406XML\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Ikuya Fukumoto",
  "formalWay": "Apple iOS 8.3\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://www.apple.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02314",
  "openTime": "2015-04-13",
  "patchDescription": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iOS NSXMLParser\u5904\u7406XML\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS NSXMLParser XML\u5904\u7406\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple iPad \u003e=2",
      "Apple iPhone \u003e= 4s",
      "Apple iPod Touch \u003e= 5"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/HT204661",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-09",
  "title": "Apple iOS NSXMLParser XML\u5904\u7406\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2015-1092

Vulnerability from fkie_nvd - Published: 2015-04-10 14:59 - Updated: 2026-05-06 22:30

Severity

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/73983
product-security@apple.com	http://www.securitytracker.com/id/1032050
product-security@apple.com	https://support.apple.com/HT204661	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT204662	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT204870
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73983
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032050
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204661	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204662	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT204870

Impacted products

	Vendor	Product	Version
	apple	tvos	*
	apple	iphone_os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98C1F4A-0A10-42CF-ABD5-A2248D55C7F0",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0340315-35F7-4736-854B-852916D00673",
              "versionEndIncluding": "8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "NSXMLParser en Foundation en Apple iOS anterior a 8.3 y Apple TV anterior a 7.2 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de una declaraci\u00f3n de entidad externa en conjunto con una referencia de entidad, relacionado con una problema de entidad externa XML (XXE)."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e\n",
  "id": "CVE-2015-1092",
  "lastModified": "2026-05-06T22:30:45.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-10T14:59:08.657",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/73983"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1032050"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204661"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204662"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/kb/HT204870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT204870"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JPW3-R754-QMFW

Vulnerability from github – Published: 2022-05-14 01:25 – Updated: 2022-05-14 01:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1092"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-04-10T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
  "id": "GHSA-jpw3-r754-qmfw",
  "modified": "2022-05-14T01:25:50Z",
  "published": "2022-05-14T01:25:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1092"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204661"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204662"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT204870"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/73983"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032050"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2015-1092

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-1092

Aliases

CVE-2015-1092

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1092",
    "description": "NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
    "id": "GSD-2015-1092"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1092"
      ],
      "details": "NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
      "id": "GSD-2015-1092",
      "modified": "2023-12-13T01:20:05.268572Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-1092",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/kb/HT204870",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT204870"
          },
          {
            "name": "APPLE-SA-2015-04-08-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
          },
          {
            "name": "73983",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/73983"
          },
          {
            "name": "1032050",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032050"
          },
          {
            "name": "https://support.apple.com/HT204662",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204662"
          },
          {
            "name": "APPLE-SA-2015-04-08-4",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
          },
          {
            "name": "https://support.apple.com/HT204661",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204661"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1092"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT204662",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204662"
            },
            {
              "name": "APPLE-SA-2015-04-08-3",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
            },
            {
              "name": "APPLE-SA-2015-04-08-4",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
            },
            {
              "name": "https://support.apple.com/HT204661",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204661"
            },
            {
              "name": "1032050",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032050"
            },
            {
              "name": "https://support.apple.com/kb/HT204870",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/kb/HT204870"
            },
            {
              "name": "73983",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/73983"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2015-04-10T14:59Z"
    }
  }
}

VAR-201504-0108

Vulnerability from variot - Updated: 2023-12-18 11:42

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. An attacker can exploit these issues to obtain sensitive information that may lead to further attacks. NSXMLParser is one of the components that uses the sax method to parse xml files. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2015-04-08-3 iOS 8.3

iOS 8.3 is now available and addresses the following:

AppleKeyStore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to guess the user's passcode Description: iOS allowed access to an interface which allowed attempts to confirm the user's passcode. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1085

Audio Drivers Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in IOKit objects used by an audio driver. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-1086

Backup Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to use the backup system to access restricted areas of the file system Description: An issue existed in the relative path evaluation logic of the backup system. This issues was addressed through improved path evaluation. CVE-ID CVE-2015-1087 : TaiG Jailbreak Team

Certificate Trust Policy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT204132

CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Cookies belonging to one origin may be sent to another origin Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was address through improved handling of redirects. CVE-ID CVE-2015-1089 : Niklas Keller

CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A user may be unable to fully delete browsing history Description: Clearing Safari's history did not clear saved HTTP Strict Transport Security state. The issue was addressed through improved data deletion. CVE-ID CVE-2015-1090

CFNetwork Session Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Authentication credentials may be sent to a server on another origin Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-1091 : Diego Torres (http://dtorres.me)

CFURL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-1088

Foundation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2015-1092 : Ikuya Fukumoto

FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld

IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOAcceleratorFamily that led to the disclosure of kernel memory content. This issue was addressed by removing unneeded code. CVE-ID CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team

IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church

IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive

IOMobileFramebuffer Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in MobileFrameBuffer that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security Research Team

iWork Viewer Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1098 : Christopher Hickstein

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on iOS. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team

Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io

Keyboards Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: QuickType could learn users' passcodes Description: When using Bluetooth keyboards, QuickType could learn users' passcodes. This issue was addressed by preventing QuickType from being displayed on the lockscreen. CVE-ID CVE-2015-1106 : Jarrod Dwenger, Steve Favorito, Paul Reedy of ConocoPhillips, Pedro Tavares of Molecular Biophysics at UCIBIO/FCT/UNL, De Paul Sunny, Christian Still of Evolve Media, Canada

libnetcore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.

Lock Screen Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may prevent erasing the device after failed passcode attempts Description: In some circumstances, a device might not erase itself after failed passcode attempts. This issue was addressed through additional enforcement of erasure. CVE-ID CVE-2015-1107 : Brent Erickson, Stuart Ryan of University of Technology, Sydney

Lock Screen Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2015-1108

NetworkExtension Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may be able to recover VPN credentials Description: An issue existed in the handling of VPN configuration logs. This issue was addressed by removing logging of credentials. CVE-ID CVE-2015-1109 : Josh Tway of IPVanish

Podcasts Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unnecessary information may be sent to external servers when downloading podcast assets Description: When downloading assets for podcast a user was subscribed to, unique identifiers were sent to external servers. This issue was resolved by removing these identifiers. CVE-ID CVE-2015-1110 : Alex Selivanov

Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A user may be unable to fully delete browsing history Description: Clearing Safari's history did not clear "Recently closed tabs". The issue was addressed through improved data deletion. CVE-ID CVE-2015-1111 : Frode Moe of LastFriday.no

Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Users' browsing history may not be completely purged Description: A state management issue existed in Safari that resulted in users' browsing history not being purged from history.plist. This issue was addressed by improved state management. CVE-ID CVE-2015-1112 : William Breuer, The Netherlands

Sandbox Profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to access phone numbers or email addresses of recent contacts Description: An information disclosure issue existed in the third- party app sandbox. This issue was addressed by improving the sandbox profile. CVE-ID CVE-2015-1113 : Andreas Kurtz of NESO Security Labs, Markus TroBbach of Heilbronn University

Sandbox Profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Hardware identifiers may be accessible by third-party apps Description: An information disclosure issue existed in the third- party app sandbox. This issue was addressed by improving the sandbox profile. CVE-ID CVE-2015-1114

Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to access restricted telephony functions Description: An access control issue existed in the telephony subsystem. Sandboxed apps could access restricted telephony functions. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1115 : Andreas Kurtz of NESO Security Labs, Markus TroBbach of Heilbronn University

UIKit View Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Sensitive data may be exposed in application snapshots presented in the Task Switcher Description: An issue existed in UIKit, which did not blur application snapshots containing sensitive data in the Task Switcher. This issue was addressed by correctly blurring the snapshot. CVE-ID CVE-2015-1116 : The mobile app team at HP Security Voltage, Aaron Rogers of Mint.com, David Edwards of Tech4Tomorrow, David Zhang of Dropbox

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Inconsistent user interface may prevent users from discerning a phishing attack Description: A user interface inconsistency existed in Safari that allowed an attacker to misrepresent the URL. This issue was addressed through improved user interface consistency checks. CVE-ID CVE-2015-1084 : Apple

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1068 : Apple CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative CVE-2015-1070 : Apple CVE-2015-1071 : Apple CVE-2015-1072 CVE-2015-1073 : Apple CVE-2015-1074 : Apple CVE-2015-1076 CVE-2015-1077 : Apple CVE-2015-1078 : Apple CVE-2015-1079 : Apple CVE-2015-1080 : Apple CVE-2015-1081 : Apple CVE-2015-1082 : Apple CVE-2015-1083 : Apple CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2015-1120 : Apple CVE-2015-1121 : Apple CVE-2015-1122 : Apple CVE-2015-1123 : Randy Luecke and Anoop Menon of Google Inc. CVE-2015-1124 : Apple

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a user invoking a click on another website Description: An issue existed when handling touch events. A tap could propagate to another website. The issue was addressed through improved event handling. CVE-ID CVE-2015-1125 : Phillip Moon and Matt Weston of www.sandfield.co.nz

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to resources of another origin being accessed Description: An issue existed in WebKit when handling credentials in FTP URLs. This issue was address through improved decoding. CVE-ID CVE-2015-1126 : Jouko Pynnonen of Klikki Oy

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "8.3".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJVJKl9AAoJEBcWfLTuOo7tJSQQAISlSqHZbMZOKrc6qCQ3E+Yn ROyg7duvjIiaOHEiromwOpXjINbRTlhV5I6cseJrZOa7oLhgtIFes7wCo2rj/IjK pTv3GMc84r7gPY38JE6//rU6Ni9YCuSKt69iOpF2RmKCLrrhjyP/igY/IKro3ujS YyDgEEtmBtekU/QbUcZb8qfQ+/E0O6ZwZqvmzlmbcmeqM0/xy/lb8MmPcPwSTCTc oQUj3xF+2OBIyudzQX6PmTFIDQjKYUg2dXEapYhzUhVkaZkdhRsJDaNJR7rlOYhK Zea99fN+wnRr6F6IklXRTUdf4Lwegjs+kBA0HqrsxTX/LORQu98LWWXJ5vcl7OvE moZRu46Jw7+AEwC2V3t7Bl6HbeHf3/jtQTV8q7ALdRhOcwgJdQUubRyMl1ZIG0NE N3M6lxSxlkn5CuPggQcONc1SwkCfplIntxJ8ECDTW/mVc/GrmSN5BH19Lzd3gWFR vRD5soYzZrTfWaULp+VzepiWz0FpJsJPn/sDQxvZfOzSzIsFKCX3OO671lXC7fV+ Qgl5vPXleUGxgScn0jQEDPrXAj6U85xqfXc+aZn8jKpfMthfukKXM8Tazlz2Ywyj g2EaerJBFCavTPpQpuq0MOL6RYo2PhlC6tkwT25NaG01v/wEfzs75Dgc2Z15QtaH ceXrdFVQDQ9LSl38/qPo =ifj1 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0108",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tvos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "tv",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.2   (apple tv first  3 after generation )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.3   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.3   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.3   (ipod touch first  5 after generation )"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.0.1   (apple watch edition)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.0.1   (apple watch sport)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.0.1   (apple watch)"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002140"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-118"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1092"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Alex Selivanov, Barak Gabai of the IBM X-Force Application Security Research Team, Cererdlong of Alibaba Mobile Security Team,  Ikuya Fukumoto and Apple",
    "sources": [
      {
        "db": "BID",
        "id": "73983"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1092",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-1092",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-79052",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1092",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201504-118",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79052",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79052"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002140"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-118"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. \nAn attacker can exploit these issues to obtain sensitive information that may lead to further attacks. NSXMLParser is one of the components that uses the sax method to parse xml files. This issue, also\nknown as FREAK, only affected connections to servers which support\nexport-strength RSA cipher suites, and was addressed by removing\nsupport for ephemeral RSA keys. \nCVE-ID\nCVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nProsecco at Inria Paris\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/en-us/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-3 iOS 8.3\n\niOS 8.3 is now available and addresses the following:\n\nAppleKeyStore\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to guess the user\u0027s\npasscode\nDescription:  iOS allowed access to an interface which allowed\nattempts to confirm the user\u0027s passcode. This issue was addressed\nwith improved entitlement checking. \nCVE-ID\nCVE-2015-1085\n\nAudio Drivers\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A validation issue existed in IOKit objects used by an\naudio driver. This issue was addressed through improved validation of\nmetadata. \nCVE-ID\nCVE-2015-1086\n\nBackup\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker may be able to use the backup system to access\nrestricted areas of the file system\nDescription:  An issue existed in the relative path evaluation logic\nof the backup system. This issues was addressed through improved path\nevaluation. \nCVE-ID\nCVE-2015-1087 : TaiG Jailbreak Team\n\nCertificate Trust Policy\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT204132\n\nCFNetwork\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Cookies belonging to one origin may be sent to another\norigin\nDescription:  A cross-domain cookie issue existed in redirect\nhandling. Cookies set in a redirect response could be passed on to a\nredirect target belonging to another origin. The issue was address\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-1089 : Niklas Keller\n\nCFNetwork\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A user may be unable to fully delete browsing history\nDescription:  Clearing Safari\u0027s history did not clear saved HTTP\nStrict Transport Security state. The issue was addressed through\nimproved data deletion. \nCVE-ID\nCVE-2015-1090\n\nCFNetwork Session\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Authentication credentials may be sent to a server on\nanother origin\nDescription:  A cross-domain HTTP request headers issue existed in\nredirect handling. HTTP request headers sent in a redirect response\ncould be passed on to another origin. The issue was addressed through\nimproved handling of redirects. \nCVE-ID\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\n\nCFURL\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-1088\n\nFoundation\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An application using NSXMLParser may be misused to disclose\ninformation\nDescription:  An XML External Entity issue existed in NSXMLParser\u0027s\nhandling of XML. This issue was addressed by not loading external\nentities across origins. \nCVE-ID\nCVE-2015-1092 : Ikuya Fukumoto\n\nFontParser\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of font files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nIOAcceleratorFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in IOAcceleratorFamily that led to the\ndisclosure of kernel memory content. This issue was addressed by\nremoving unneeded code. \nCVE-ID\nCVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team\n\nIOHIDFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious HID device may be able to cause arbitrary code\nexecution\nDescription:  A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nIOHIDFamily\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOMobileFramebuffer\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in MobileFrameBuffer that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security\nResearch Team\n\niWork Viewer\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-1098 : Christopher Hickstein\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to cause a system denial\nof service\nDescription:  A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription:  setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to cause unexpected\nsystem termination or read kernel memory\nDescription:  A out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may be able\nto cause a denial of service\nDescription:  A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription:  ICMP redirects were enabled by default on iOS. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A remote attacker may be able to bypass network filters\nDescription:  The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nKeyboards\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  QuickType could learn users\u0027 passcodes\nDescription:  When using Bluetooth keyboards, QuickType could learn\nusers\u0027 passcodes. This issue was addressed by preventing QuickType\nfrom being displayed on the lockscreen. \nCVE-ID\nCVE-2015-1106 : Jarrod Dwenger, Steve Favorito, Paul Reedy of\nConocoPhillips, Pedro Tavares of Molecular Biophysics at\nUCIBIO/FCT/UNL, De Paul Sunny, Christian Still of Evolve Media,\nCanada\n\nlibnetcore\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription:  A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nLock Screen\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in possession of a device may prevent erasing\nthe device after failed passcode attempts\nDescription:  In some circumstances, a device might not erase itself\nafter failed passcode attempts. This issue was addressed through\nadditional enforcement of erasure. \nCVE-ID\nCVE-2015-1107 : Brent Erickson, Stuart Ryan of University of\nTechnology, Sydney\n\nLock Screen\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in possession of a device may exceed the maximum\nnumber of failed passcode attempts\nDescription:  In some circumstances, the failed passcode attempt\nlimit was not enforced. This issue was addressed through additional\nenforcement of this limit. \nCVE-ID\nCVE-2015-1108\n\nNetworkExtension\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker in possession of a device may be able to recover\nVPN credentials\nDescription:  An issue existed in the handling of VPN configuration\nlogs. This issue was addressed by removing logging of credentials. \nCVE-ID\nCVE-2015-1109 : Josh Tway of IPVanish\n\nPodcasts\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Unnecessary information may be sent to external servers when\ndownloading podcast assets\nDescription:  When downloading assets for podcast a user was\nsubscribed to, unique identifiers were sent to external servers. This\nissue was resolved by removing these identifiers. \nCVE-ID\nCVE-2015-1110 : Alex Selivanov\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A user may be unable to fully delete browsing history\nDescription:  Clearing Safari\u0027s history did not clear \"Recently\nclosed tabs\". The issue was addressed through improved data deletion. \nCVE-ID\nCVE-2015-1111 : Frode Moe of LastFriday.no\n\nSafari\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Users\u0027 browsing history may not be completely purged\nDescription:  A state management issue existed in Safari that\nresulted in users\u0027 browsing history not being purged from\nhistory.plist. This issue was addressed by improved state management. \nCVE-ID\nCVE-2015-1112 : William Breuer, The Netherlands\n\nSandbox Profiles\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to access phone numbers\nor email addresses of recent contacts\nDescription:  An information disclosure issue existed in the third-\nparty app sandbox. This issue was addressed by improving the sandbox\nprofile. \nCVE-ID\nCVE-2015-1113 : Andreas Kurtz of NESO Security Labs, Markus TroBbach\nof Heilbronn University\n\nSandbox Profiles\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Hardware identifiers may be accessible by third-party apps\nDescription:  An information disclosure issue existed in the third-\nparty app sandbox. This issue was addressed by improving the sandbox\nprofile. \nCVE-ID\nCVE-2015-1114\n\nTelephony\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to access restricted\ntelephony functions\nDescription:  An access control issue existed in the telephony\nsubsystem. Sandboxed apps could access restricted telephony\nfunctions. This issue was addressed with improved entitlement\nchecking. \nCVE-ID\nCVE-2015-1115 : Andreas Kurtz of NESO Security Labs, Markus TroBbach\nof Heilbronn University\n\nUIKit View\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Sensitive data may be exposed in application snapshots\npresented in the Task Switcher\nDescription:  An issue existed in UIKit, which did not blur\napplication snapshots containing sensitive data in the Task Switcher. \nThis issue was addressed by correctly blurring the snapshot. \nCVE-ID\nCVE-2015-1116 : The mobile app team at HP Security Voltage, Aaron\nRogers of Mint.com, David Edwards of Tech4Tomorrow, David Zhang of\nDropbox\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Inconsistent user interface may prevent users from\ndiscerning a phishing attack\nDescription:  A user interface inconsistency existed in Safari that\nallowed an attacker to misrepresent the URL. This issue was addressed\nthrough improved user interface consistency checks. \nCVE-ID\nCVE-2015-1084 : Apple\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-1068 : Apple\nCVE-2015-1069 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\nCVE-2015-1070 : Apple\nCVE-2015-1071 : Apple\nCVE-2015-1072\nCVE-2015-1073 : Apple\nCVE-2015-1074 : Apple\nCVE-2015-1076\nCVE-2015-1077 : Apple\nCVE-2015-1078 : Apple\nCVE-2015-1079 : Apple\nCVE-2015-1080 : Apple\nCVE-2015-1081 : Apple\nCVE-2015-1082 : Apple\nCVE-2015-1083 : Apple\nCVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung\nElectronics\nCVE-2015-1120 : Apple\nCVE-2015-1121 : Apple\nCVE-2015-1122 : Apple\nCVE-2015-1123 : Randy Luecke and Anoop Menon of Google Inc. \nCVE-2015-1124 : Apple\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to a user\ninvoking a click on another website\nDescription:  An issue existed when handling touch events. A tap\ncould propagate to another website. The issue was addressed through\nimproved event handling. \nCVE-ID\nCVE-2015-1125 : Phillip Moon and Matt Weston of www.sandfield.co.nz\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may lead to resources\nof another origin being accessed\nDescription:  An issue existed in WebKit when handling credentials in\nFTP URLs. This issue was address through improved decoding. \nCVE-ID\nCVE-2015-1126 : Jouko Pynnonen of Klikki Oy\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"8.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVJKl9AAoJEBcWfLTuOo7tJSQQAISlSqHZbMZOKrc6qCQ3E+Yn\nROyg7duvjIiaOHEiromwOpXjINbRTlhV5I6cseJrZOa7oLhgtIFes7wCo2rj/IjK\npTv3GMc84r7gPY38JE6//rU6Ni9YCuSKt69iOpF2RmKCLrrhjyP/igY/IKro3ujS\nYyDgEEtmBtekU/QbUcZb8qfQ+/E0O6ZwZqvmzlmbcmeqM0/xy/lb8MmPcPwSTCTc\noQUj3xF+2OBIyudzQX6PmTFIDQjKYUg2dXEapYhzUhVkaZkdhRsJDaNJR7rlOYhK\nZea99fN+wnRr6F6IklXRTUdf4Lwegjs+kBA0HqrsxTX/LORQu98LWWXJ5vcl7OvE\nmoZRu46Jw7+AEwC2V3t7Bl6HbeHf3/jtQTV8q7ALdRhOcwgJdQUubRyMl1ZIG0NE\nN3M6lxSxlkn5CuPggQcONc1SwkCfplIntxJ8ECDTW/mVc/GrmSN5BH19Lzd3gWFR\nvRD5soYzZrTfWaULp+VzepiWz0FpJsJPn/sDQxvZfOzSzIsFKCX3OO671lXC7fV+\nQgl5vPXleUGxgScn0jQEDPrXAj6U85xqfXc+aZn8jKpfMthfukKXM8Tazlz2Ywyj\ng2EaerJBFCavTPpQpuq0MOL6RYo2PhlC6tkwT25NaG01v/wEfzs75Dgc2Z15QtaH\nceXrdFVQDQ9LSl38/qPo\n=ifj1\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002140"
      },
      {
        "db": "BID",
        "id": "73983"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79052"
      },
      {
        "db": "PACKETSTORM",
        "id": "131932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131360"
      },
      {
        "db": "PACKETSTORM",
        "id": "131361"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1092",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "73983",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1032050",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU93832567",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91828320",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002140",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-118",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-79052",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131932",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131360",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131361",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79052"
      },
      {
        "db": "BID",
        "id": "73983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002140"
      },
      {
        "db": "PACKETSTORM",
        "id": "131932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131360"
      },
      {
        "db": "PACKETSTORM",
        "id": "131361"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-118"
      }
    ]
  },
  "id": "VAR-201504-0108",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79052"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:42:25.422000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-05-19-1 Watch OS 1.0.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/may/msg00001.html"
      },
      {
        "title": "APPLE-SA-2015-04-08-3 iOS 8.3",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html"
      },
      {
        "title": "APPLE-SA-2015-04-08-4 Apple TV 7.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00003.html"
      },
      {
        "title": "HT204870",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204870"
      },
      {
        "title": "HT204661",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204661"
      },
      {
        "title": "HT204662",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204662"
      },
      {
        "title": "HT204870",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht204870"
      },
      {
        "title": "HT204661",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204661"
      },
      {
        "title": "HT204662",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204662"
      },
      {
        "title": "OSXUpd10.10.3",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54848"
      },
      {
        "title": "iPhone7,1_8.3_12F70_Restore",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54847"
      },
      {
        "title": "AppleTV3,2_7.2_12F69_Restore",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54849"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002140"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-118"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002140"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1092"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/73983"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204661"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204662"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht204870"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032050"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1092"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91828320/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93832567/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1092"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1096"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1092"
      },
      {
        "trust": 0.3,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1094"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1104"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1093"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1099"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1101"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1102"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1105"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1103"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1100"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1073"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1083"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1069"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1079"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1076"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1086"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1095"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1077"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1070"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1071"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1072"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1081"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1082"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1080"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1068"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1078"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1074"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/204873"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1067"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1117"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1090"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1084"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1089"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.1,
        "url": "https://www.sandfield.co.nz"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1087"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1088"
      },
      {
        "trust": 0.1,
        "url": "http://dtorres.me)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1091"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1097"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79052"
      },
      {
        "db": "BID",
        "id": "73983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002140"
      },
      {
        "db": "PACKETSTORM",
        "id": "131932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131360"
      },
      {
        "db": "PACKETSTORM",
        "id": "131361"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-118"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-79052"
      },
      {
        "db": "BID",
        "id": "73983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002140"
      },
      {
        "db": "PACKETSTORM",
        "id": "131932"
      },
      {
        "db": "PACKETSTORM",
        "id": "131360"
      },
      {
        "db": "PACKETSTORM",
        "id": "131361"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1092"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-118"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79052"
      },
      {
        "date": "2015-04-08T00:00:00",
        "db": "BID",
        "id": "73983"
      },
      {
        "date": "2015-04-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002140"
      },
      {
        "date": "2015-05-20T22:44:42",
        "db": "PACKETSTORM",
        "id": "131932"
      },
      {
        "date": "2015-04-09T16:33:18",
        "db": "PACKETSTORM",
        "id": "131360"
      },
      {
        "date": "2015-04-09T16:39:51",
        "db": "PACKETSTORM",
        "id": "131361"
      },
      {
        "date": "2015-04-10T14:59:08.657000",
        "db": "NVD",
        "id": "CVE-2015-1092"
      },
      {
        "date": "2015-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-118"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79052"
      },
      {
        "date": "2015-07-15T00:04:00",
        "db": "BID",
        "id": "73983"
      },
      {
        "date": "2015-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002140"
      },
      {
        "date": "2019-03-08T16:06:32.170000",
        "db": "NVD",
        "id": "CVE-2015-1092"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-118"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-118"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS and  Apple TV of  Foundation Inside  NSXMLParser Vulnerable to reading arbitrary files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002140"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-118"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-1092 (GCVE-0-2015-1092)

CERTFR-2015-AVI-147

Solution

CERTFR-2015-AVI-147

Solution

CNVD-2015-02314

FKIE_CVE-2015-1092

GHSA-JPW3-R754-QMFW

GSD-2015-1092

VAR-201504-0108

Tags

Sightings

Nomenclature