PT-2015-1002 · Apple · Tv+2

Ian Beer

Published

2015-03-12

Updated

2019-03-08

CVE-2015-1061

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 8.2 Apple OS X versions through 10.10.2 Apple TV versions prior to 7.1

Description The issue allows a remote attacker to execute arbitrary code with elevated privileges using a malicious application that exploits type confusion errors during serialized-object handling. This can occur through a crafted app.

Recommendations For Apple iOS versions prior to 8.2, update to version 8.2 or later. For Apple OS X versions through 10.10.2, update to version 10.10.3 or later. For Apple TV versions prior to 7.1, update to version 7.1 or later.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2015-09802

BDU:2015-09803

CVE-2015-1061

Affected Products

Os X

Ios

PT-2015-1002 · Apple · Tv+2

CVE-2015-1061

Weakness Enumeration

Related Identifiers

Affected Products

References · 12