Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-1067

Published: 11/03/2015 Updated: 08/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Mac Os X

Vulnerability Summary

Secure Transport in Apple iOS prior to 8.2, Apple OS X up to and including 10.10.2, and Apple TV prior to 7.1 does not properly restrict TLS state transitions, which makes it easier for remote malicious users to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.

Vulnerable Product Search on Vulmon Subscribe to Product

apple mac os x

apple tvos

apple iphone os

Recent Articles

Apple patches FREAK-ed out Watch
The Register • Darren Pauli • 20 May 2015

Cupertino slings patches to kill twin data execution bugs

Apple has patched a dozen security flaws in Watch, including FREAK and two allowing arbitrary code execution. The updates cover Oracle hacker Marc Schoenefeld's arbitrary code execution which triggers (CVE-2015-1093) when the Apple Watch processes a maliciously crafted font file. It also squashes hacker Loki@ART's bug that grants malicious apps the ability to execute arbitrary code with system privileges via a kernel memory corruption issue (CVE-2015-1101). Apple closes the twin memory corruptio...

Read more...
Apple slips out security patches while world goes gaga over watches
The Register • Shaun Nichols in San Francisco • 10 Mar 2015

Remote-code exec in iOS, OS X iCloud, plus FREAK fix

While everyone was losing their mind over expensive watches, Apple sneaked out security fixes for iOS phones and tablets, and OS X computers. Both the OS X Security Update 2015-002 and iOS 8.2 address critical flaws. Leading the charge is a patch to squish the FREAK bug in the two operating systems' SSL/TLS code. Disclosed last week by researchers, the flaw allows an eavesdropper to intercept connections to HTTPS websites and downgrade the strength of the encryption, allowing miscreants to crack...

Read more...

References

CWE-310https://support.apple.com/HT204426https://support.apple.com/HT204423http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2015/Mar/msg00001.htmlhttps://support.apple.com/HT204413https://freakattack.com/http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.htmlhttp://www.securitytracker.com/id/1031829http://www.securitytracker.com/id/1031830https://support.apple.com/HT204659http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttps://support.apple.com/kb/HT204870http://www.securityfocus.com/bid/73009https://nvd.nist.govhttps://www.theregister.co.uk/2015/03/10/apple_ios_os_x_security_patches/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook