PT-2015-5076 · Apple · Foundation+2

Ikuya Fukumoto

Published

2015-04-10

Updated

2019-03-08

CVE-2015-1092

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Foundation in Apple iOS versions prior to 8.3 Foundation in Apple TV versions prior to 7.2

Description The issue allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This occurs due to a problem with NSXMLParser in Foundation.

Recommendations For Foundation in Apple iOS versions prior to 8.3, update to version 8.3 or later. For Foundation in Apple TV versions prior to 7.2, update to version 7.2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-1092

Affected Products

Foundation

Ios

PT-2015-5076 · Apple · Foundation+2

CVE-2015-1092

Related Identifiers

Affected Products

References · 8