Vulnerability Details : CVE-2015-7079
dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Vulnerability category: Input validationExecute code
Products affected by CVE-2015-7079
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7079
0.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7079
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2015-7079
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7079
-
https://support.apple.com/HT205635
About the security content of iOS 9.2 - Apple SupportVendor Advisory
-
http://www.securitytracker.com/id/1034348
Apple iOS Multiple Flaws Let Remote Users Spoof URLs and Access Files, Apps Gain Elevated Privileges, and Local Users Obtain Potentially Sensitive Information - SecurityTracker
-
https://support.apple.com/HT205640
About the security content of tvOS 9.1 - Apple SupportVendor Advisory
-
http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
Apple - Lists.apple.comVendor Advisory
-
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
Apple - Lists.apple.comVendor Advisory
Jump to