ID

VAR-201510-0187


CVE

CVE-2015-7030


TITLE

Vulnerability in the Swift implementation of Apple Xcode

Trust: 0.8

sources: JVNDB: JVNDB-2015-005537

DESCRIPTION

The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. Supplementary information: the vulnerability type has been identified as CWE-17: Code. http://cwe.mitre.org/data/definitions/17.html It may be subject to unspecified effects and attacks.

Apple Xcode is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. Versions prior to Apple Xcode 7.1 are vulnerable.

Apple Xcode is an integrated development environment provided by Apple to developers. It is mainly used to develop applications for Mac OS X and iOS. Swift is a programming language used to develop Mac OS X and iOS applications. A security vulnerability exists in the Swift implementation of Apple's Xcode 7.0 and earlier versions. The vulnerability stems from the program's improper handling of type conversions. Attackers can exploit this vulnerability to cause Swift programs to return incorrect values.

APPLE-SA-2015-10-21-7 Xcode 7.1

Xcode 7.1 is now available and addresses the following:

Swift
Available for: OS X Yosemite v10.10.5 or later
Impact: Swift programs performing certain type conversions may receive unexpected values
Description: A type conversion issue existed that could lead to conversions returning unexpected values. This issue was addressed through improved type checking.
CVE-ID
CVE-2015-7030 : an anonymous researcher

Installation note:

Xcode 7.1 may be obtained from:
https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.1".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.07

sources: NVD: CVE-2015-7030 // JVNDB: JVNDB-2015-005537 // BID: 77271 // VULHUB: VHN-84991 // PACKETSTORM: 134058

AFFECTED PRODUCTS

vendor: apple // model: xcode // scope: lte // version: 7.0

Trust: 1.0

vendor: apple // model: xcode // scope: eq // version: 7.0

Trust: 0.9

vendor: apple // model: xcode // scope: lt // version: 7.1 (os x yosemite v10.10.5 or later)

Trust: 0.8

vendor: apple // model: xcode // scope: eq // version: 6.0.1

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 6.3

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 6.2

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 6.0

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 5.0

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 4.4

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 4.3.3

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 4.3.2

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 4.3.1

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 4.3

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 4.2.1

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 4.2

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 4.1.1

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 4.0.2

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 4.0.1

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 3.2.5

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 3.2.4

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 3.2.3

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 3.2.2

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 3.2.1

Trust: 0.3

vendor: apple // model: xcode // scope: eq // version: 3.1.4

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.10.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11

Trust: 0.3

vendor: apple // model: xcode // scope: ne // version: 7.1

Trust: 0.3

sources: BID: 77271 // JVNDB: JVNDB-2015-005537 // CNNVD: CNNVD-201510-506 // NVD: CVE-2015-7030

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7030
value: HIGH

Trust: 1.0

NVD: CVE-2015-7030
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201510-506
value: HIGH

Trust: 0.6

VULHUB: VHN-84991
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7030
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84991
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84991 // JVNDB: JVNDB-2015-005537 // CNNVD: CNNVD-201510-506 // NVD: CVE-2015-7030

PROBLEMTYPE DATA

problemtype:CWE-17

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-84991 // JVNDB: JVNDB-2015-005537 // NVD: CVE-2015-7030

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-506

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201510-506

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005537

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-84991

PATCH

title: Apple security updates // url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2015-10-21-7 Xcode 7.1 // url: http://lists.apple.com/archives/security-announce/2015/Oct/msg00008.html

Trust: 0.8

title: HT205379 // url: https://support.apple.com/en-us/HT205379

Trust: 0.8

title: HT205379 // url: http://support.apple.com/ja-jp/HT205379

Trust: 0.8

sources: JVNDB: JVNDB-2015-005537

EXTERNAL IDS

db: NVD // id: CVE-2015-7030

Trust: 2.9

db: SECTRACK // id: 1033930

Trust: 1.1

db: JVN // id: JVNVU92655282

Trust: 0.8

db: JVNDB // id: JVNDB-2015-005537

Trust: 0.8

db: CNNVD // id: CNNVD-201510-506

Trust: 0.6

db: BID // id: 77271

Trust: 0.4

db: PACKETSTORM // id: 134058

Trust: 0.2

db: VULHUB // id: VHN-84991

Trust: 0.1

sources: VULHUB: VHN-84991 // BID: 77271 // JVNDB: JVNDB-2015-005537 // PACKETSTORM: 134058 // CNNVD: CNNVD-201510-506 // NVD: CVE-2015-7030

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/oct/msg00008.html

Trust: 1.7

url:https://support.apple.com/ht205379

Trust: 1.7

url:http://www.securitytracker.com/id/1033930

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7030

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92655282/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7030

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://developer.apple.com/xcode/

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7030

Trust: 0.1

sources: VULHUB: VHN-84991 // BID: 77271 // JVNDB: JVNDB-2015-005537 // PACKETSTORM: 134058 // CNNVD: CNNVD-201510-506 // NVD: CVE-2015-7030

CREDITS

Anonymous

Trust: 0.3

sources: BID: 77271

SOURCES

db: VULHUB // id: VHN-84991
db: BID // id: 77271
db: JVNDB // id: JVNDB-2015-005537
db: PACKETSTORM // id: 134058
db: CNNVD // id: CNNVD-201510-506
db: NVD // id: CVE-2015-7030

LAST UPDATE DATE

2024-08-14T13:17:43.659000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-84991 // date: 2016-12-24T00:00:00
db: BID // id: 77271 // date: 2015-10-21T00:00:00
db: JVNDB // id: JVNDB-2015-005537 // date: 2015-10-26T00:00:00
db: CNNVD // id: CNNVD-201510-506 // date: 2015-10-26T00:00:00
db: NVD // id: CVE-2015-7030 // date: 2016-12-24T02:59:36.060

SOURCES RELEASE DATE

db: VULHUB // id: VHN-84991 // date: 2015-10-23T00:00:00
db: BID // id: 77271 // date: 2015-10-21T00:00:00
db: JVNDB // id: JVNDB-2015-005537 // date: 2015-10-26T00:00:00
db: PACKETSTORM // id: 134058 // date: 2015-10-21T20:33:33
db: CNNVD // id: CNNVD-201510-506 // date: 2015-10-26T00:00:00
db: NVD // id: CVE-2015-7030 // date: 2015-10-23T10:59:15.147