Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2015-1061

Published: 12/03/2015 Updated: 08/03/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Apple

Vulnerability Summary

IOSurface in Apple iOS prior to 8.2, Apple OS X up to and including 10.10.2, and Apple TV prior to 7.1 allows malicious users to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple tvos

apple iphone os

apple mac os x

Recent Articles

Apple: Those security holes we fixed last week? You're going to need to repatch
The Register • Shaun Nichols in San Francisco • 20 Mar 2015

Turns out those bugs weren't quite squished

Apple has released a follow-up to last week's security update after finding a pair of flaws that are still vulnerable on patched systems. The Cupertino giant said that the 2015-003 update would address two flaws; a man-in-the-middle vulnerability and type confusion error in OS X Yosemite (10.10.2). Both of the flaws, CVE-2015-1065 and CVE-2015-1061, were listed in last week's security update, but were not effectively patched, forcing Apple to put out another fix. The CVE-2015-1065 issue was disc...

Read more...
Apple slips out security patches while world goes gaga over watches
The Register • Shaun Nichols in San Francisco • 10 Mar 2015

Remote-code exec in iOS, OS X iCloud, plus FREAK fix

While everyone was losing their mind over expensive watches, Apple sneaked out security fixes for iOS phones and tablets, and OS X computers. Both the OS X Security Update 2015-002 and iOS 8.2 address critical flaws. Leading the charge is a patch to squish the FREAK bug in the two operating systems' SSL/TLS code. Disclosed last week by researchers, the flaw allows an eavesdropper to intercept connections to HTTPS websites and downgrade the strength of the encryption, allowing miscreants to crack...

Read more...

References

CWE-94https://support.apple.com/HT204426https://support.apple.com/HT204423http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2015/Mar/msg00001.htmlhttps://support.apple.com/HT204413http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.htmlhttp://www.securitytracker.com/id/1031864http://www.securityfocus.com/bid/73004https://support.apple.com/kb/HT204563https://nvd.nist.govhttps://www.theregister.co.uk/2015/03/20/apple_remember_those_security_holes_we_fixed_last_week_yeah_youre_going_to_need_to_patch_them_again/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code executionCVE-2024-34909CVE-2024-3317SSTICVE-2024-3400CVE-2024-30051wirelessCVE-2024-4622CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook