CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1062
https://notcve.org/view.php?id=CVE-2015-1062
MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app. MobileStorageMounter en Apple iOS anterior a 8.2 y Apple TV anterior a 7.1 no elimina las carpetas de imágenes de discos inválidas, lo que permite a atacantes remotos crear carpetas en localizaciones del sistema de ficheros arbitrarias a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html http://www.securitytracker.com/id/1031864 https://support.apple.com/HT204423 https://support.apple.com/HT204426 • CWE-19: Data Processing Errors •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1061
https://notcve.org/view.php?id=CVE-2015-1061
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling. IOSurface en Apple iOS anterior a 8.2, Apple OS X hasta 10.10.2, y Apple TV anterior a 7.1 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada que aprovecha la 'confusión de tipos' durante el manejo de objetos serializados. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html http://www.securityfocus.com/bid/73004 http://www.securitytracker.com/id/1031864 https://support.apple.com/HT204413 https://support.apple.com/HT204423 https://support.apple.com/HT204426 https://support.apple.com/kb/HT204563 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 64%CPEs: 3EXPL: 1CVE-2015-1067
https://notcve.org/view.php?id=CVE-2015-1067
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. Secure Transport en Apple iOS anterior a 8.2, Apple OS X hasta 10.10.2, y Apple TV anterior a 7.1 no restringe correctamente las transiciones de estados TLS, lo que facilita a atacantes remotos realizar ataques de la degradación del cifrado en los cifrados EXPORT_RSA a través de trafico TLS manipulado, relacionado con el problema 'FREAK', una vulnerabilidad diferente a CVE-2015-0204 y CVE-2015-1637. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html http://www.securityfocus.com/bid/73009 http://www.securitytracker.com/id/1031829 http://www.securitytracker.com/id/1031830 https://freakattack.com https://support.apple.com/HT204413 https://support • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4496
https://notcve.org/view.php?id=CVE-2014-4496
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. La interfaz mach_port_kobject en el kernel en Apple iOS anterior a 8.1.3 y Apple TV anterior a 7.0.3 no restringe correctamente la información de la dirección del kernel y la permutación de la memoria dinámica, lo que facilita a atacantes evadir el mecanismo de protección ASLR a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.securityfocus.com/bid/72334 http://www.securitytracker.com/id/1031652 https://support.apple.com/HT204413 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 3CVE-2014-4492 – Apple Mac OSX networkd - 'effective_audit_token' XPC Type Confusion Sandbox Escape
https://notcve.org/view.php?id=CVE-2014-4492
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. libnetcore en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no verifica que ciertos valores tienen los tipos de datos esperados, lo que permite a atacantes ejecutar código arbitrario en un contexto _networkd a través de un mensaje XPC manipulado de una aplicación con sandbox, tal y como fue demostrado mediante la falta de verificación de un tipo de datos del diccionario de XPC. networkd is the system daemon which implements the com.apple.networkd XPC service. It's unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network). networkd parses quite complicated XPC messages and there are many cases where xpc_dictionary_get_value and xpc_array_get_value are used without subsequent checking of the type of the returned value. • https://www.exploit-db.com/exploits/35847 http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://packetstormsecurity.com/files/134393/Mac-OS-X-Networkd-XPC-Type-Confusion-Sandbox-Escape.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.exploit-db.com&# • CWE-19: Data Processing Errors •