Details of VAR-201512-0117

ID

VAR-201512-0117

CVE

CVE-2015-7083

TITLE

plural Apple Vulnerability gained in the product kernel

Trust: 0.8

sources: JVNDB: JVNDB-2015-006349

DESCRIPTION

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.2, watchOS 2.1, OS X 10.11.2, and tvOS 9.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. Kernel is one of the kernel components. Security vulnerabilities exist in the kernel components of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-12-08-4 watchOS 2.1 watchOS 2.1 is now available and addresses the following: AppSandbox Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may maintain access to Contacts after having access revoked Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox. CVE-ID CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt Compression Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams. CVE-ID CVE-2015-7054 : j00ru CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team CoreMedia Playback Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of malformed media files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7075 dyld Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A segment validation issue existed in dyld. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7072 : Apple FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative GasGauge Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7053 : Apple IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7111 : beist and ABH of BoB CVE-2015-7112 : Ian Beer of Google Project Zero IOKit SCSI Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation. CVE-ID CVE-2015-7068 : Ian Beer of Google Project Zero Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-ID CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7043 : Tarjei Mandt (@kernelpool) Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages. CVE-ID CVE-2015-7047 : Ian Beer of Google Project Zero Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7083 : Ian Beer of Google Project Zero CVE-2015-7084 : Ian Beer of Google Project Zero LaunchServices Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7113 : Olivier Goguel of Free Tools Association libarchive Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling. CVE-ID CVE-2011-2895 : @practicalswift libc Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7038 CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM) OpenGL Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7064 : Apple CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks Sandbox Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7046 : Apple Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7073 : Benoit Foucher of ZeroC, Inc. Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation CVE-ID CVE-2015-7059 : David Keeler of Mozilla CVE-2015-7060 : Tyson Smith of Mozilla CVE-2015-7061 : Ryan Sleevi of Google Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWZzRUAAoJEBcWfLTuOo7tDFcP/0eMRtPiazqLeAvYEhbHBBYX K9T4vuY0ridD8lmoOPIEjcZnlx2VfZJIeUlgRoWBi1gm5Hi9UoR/17wCSJBUK7an EwcR2zlwEwZK3Vb64ogyAr3CkV0646nMyTiBRoZT+vz/zTRxxh/7yxcGE0kc6h2m 1w4uiljcU/1DzMNbjWz7+TSOKRJLilumf2kzvRGS5WPRs/WN1xJ6bGA5aiY9+M0R 7QbgnTsLVU58jmo1iIJDGLUyQ/7iF+kALZa+IozKRXJjbrq31qkheGSMCquUgDQT 3MkNbMl+UwZQdWuUswjp/ZYZ1EJ3e1AFNKVwv4f79DpBDViquq9g13agnCExhvvK ByrCwL41emEwQ0rVZdtmfneCrTsUfWGkM4BSAcSLJAmsJ/H9gP/J11x8MK4qkd+q Xl4YKJtRE1ovkRlxpKQbJL14yXIXVXMCdXhwkU6HlyxX3qOw8Gop0/2AXuBIup7Q 4idJ+JJyLjv6mYL3CtgWh+D6HVpRSS2DeKjHP33F8qMNaD0zjjlx1qQ2MZ42gwI4 4g5gGHWaq9q4fCLdbIvfHdeeU54Xb8Q/rJ2CMuE3y0q7BzYzToJFt8xE5+kw1d+x 3Cfc2clhT7YJdg2i4JtakbAAGMybx2IqfO2Zjc2GIGPuZGUSxQKUFgtmfJDR0/4e Zgl367oS5NsHOKYGx4cn =gPGz -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2015-7083 // JVNDB: JVNDB-2015-006349 // BID: 78719 // VULHUB: VHN-85044 // PACKETSTORM: 134750

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.1	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lte	version:	9.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lte	version:	2.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	9.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch edition)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch hermes)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch sport)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch)	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.1	Trust: 0.6
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	9.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 78719 // JVNDB: JVNDB-2015-006349 // CNNVD: CNNVD-201512-371 // NVD: CVE-2015-7083

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7083
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7083
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201512-371
value:	HIGH
Trust: 0.6
VULHUB:	VHN-85044
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-7083
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-85044
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-85044 // JVNDB: JVNDB-2015-006349 // CNNVD: CNNVD-201512-371 // NVD: CVE-2015-7083

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-85044 // JVNDB: JVNDB-2015-006349 // NVD: CVE-2015-7083

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201512-371

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201512-371

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006349

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-85044

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-12-08-1 iOS 9.2	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Trust: 0.8
title:	APPLE-SA-2015-12-08-4 watchOS 2.1	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html	Trust: 0.8
title:	APPLE-SA-2015-12-08-2 tvOS 9.1	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html	Trust: 0.8
title:	APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html	Trust: 0.8
title:	HT205635	url:	https://support.apple.com/en-us/HT205635	Trust: 0.8
title:	HT205641	url:	https://support.apple.com/en-us/HT205641	Trust: 0.8
title:	HT205640	url:	https://support.apple.com/en-us/HT205640	Trust: 0.8
title:	HT205637	url:	https://support.apple.com/en-us/HT205637	Trust: 0.8
title:	HT205641	url:	http://support.apple.com/ja-jp/HT205641	Trust: 0.8
title:	HT205640	url:	http://support.apple.com/ja-jp/HT205640	Trust: 0.8
title:	HT205637	url:	http://support.apple.com/ja-jp/HT205637	Trust: 0.8
title:	HT205635	url:	http://support.apple.com/ja-jp/HT205635	Trust: 0.8
title:	Multiple Apple product kernel Fixes for component buffer overflow vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59189	Trust: 0.6

sources: JVNDB: JVNDB-2015-006349 // CNNVD: CNNVD-201512-371

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7083	Trust: 2.9
db:	BID	id:	78719	Trust: 2.0
db:	SECTRACK	id:	1034344	Trust: 1.7
db:	JVN	id:	JVNVU97526033	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006349	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-371	Trust: 0.7
db:	EXPLOIT-DB	id:	39378	Trust: 0.1
db:	PACKETSTORM	id:	135428	Trust: 0.1
db:	VULHUB	id:	VHN-85044	Trust: 0.1
db:	PACKETSTORM	id:	134750	Trust: 0.1

sources: VULHUB: VHN-85044 // BID: 78719 // JVNDB: JVNDB-2015-006349 // PACKETSTORM: 134750 // CNNVD: CNNVD-201512-371 // NVD: CVE-2015-7083

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00000.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00001.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00002.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/78719	Trust: 1.7
url:	https://support.apple.com/ht205635	Trust: 1.7
url:	https://support.apple.com/ht205637	Trust: 1.7
url:	https://support.apple.com/ht205640	Trust: 1.7
url:	https://support.apple.com/ht205641	Trust: 1.7
url:	http://www.securitytracker.com/id/1034344	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7083	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97526033/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7083	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/accessibility/tvos/	Trust: 0.3
url:	http://www.apple.com/watchos-2/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7064	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6979	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6997	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6978	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7047	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7046	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7068	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7060	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7043	Trust: 0.1
url:	https://support.apple.com/en-us/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7053	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7042	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2895	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7075	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7105	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7059	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7001	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7083	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7084	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7039	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7072	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7040	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7054	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7061	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7111	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7041	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7073	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7038	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7066	Trust: 0.1

sources: VULHUB: VHN-85044 // BID: 78719 // JVNDB: JVNDB-2015-006349 // PACKETSTORM: 134750 // CNNVD: CNNVD-201512-371 // NVD: CVE-2015-7083

CREDITS

Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt, j00ru, John Villamil (@day6reak),Yahoo Pentest Team

Trust: 0.3

sources: BID: 78719

SOURCES

db:	VULHUB	id:	VHN-85044
db:	BID	id:	78719
db:	JVNDB	id:	JVNDB-2015-006349
db:	PACKETSTORM	id:	134750
db:	CNNVD	id:	CNNVD-201512-371
db:	NVD	id:	CVE-2015-7083

LAST UPDATE DATE

2024-11-23T21:10:16.427000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-85044	date:	2019-03-08T00:00:00
db:	BID	id:	78719	date:	2016-01-12T02:01:00
db:	JVNDB	id:	JVNDB-2015-006349	date:	2015-12-15T00:00:00
db:	CNNVD	id:	CNNVD-201512-371	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2015-7083	date:	2024-11-21T02:36:11.570

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-85044	date:	2015-12-11T00:00:00
db:	BID	id:	78719	date:	2015-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-006349	date:	2015-12-15T00:00:00
db:	PACKETSTORM	id:	134750	date:	2015-12-10T17:20:29
db:	CNNVD	id:	CNNVD-201512-371	date:	2015-12-14T00:00:00
db:	NVD	id:	CVE-2015-7083	date:	2015-12-11T11:59:48.597