Vulnerability Details : CVE-2015-1088
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
Vulnerability category: Input validation, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2015-1088
Probability of exploitation activity in the next 30 days: 1.02%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 %
CVSS scores for CVE-2015-1088
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2015-1088
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1088
- http://www.securitytracker.com/id/1032048
  Apple OS X Multiple Bugs Let Remote and Local Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service - SecurityTracker
- https://support.apple.com/HT204659
  About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004 - Apple Support (Vendor Advisory)
- http://www.securityfocus.com/bid/73984
  Apple Mac OS X Prior to 10.10.3 and iOS Prior to 8.3 Multiple Security Vulnerabilities
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
  Apple - Lists.apple.com (Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
  Apple - Lists.apple.com (Vendor Advisory)
- https://support.apple.com/HT204661
  About the security content of iOS 8.3 - Apple Support (Vendor Advisory)
Products affected by CVE-2015-1088
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*