Multiple Apple Products libc File System Buffer Overflow Patch

2015.12.09
Credit: CXSECURITY
Risk: High
Local: Yes
Remote: Yes
CWE: CWE-119


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hi @ll, Today Apple fixed buffer overflow issue in LIBC/FTS (CVE-2015-7039). Patch Available for: - OS X El Capitan v10.11 and v10.11.1 - iPhone 4s and later, - Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes - Apple TV (4th generation) Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds Conception and description of issue here: https://cxsecurity.com/issue/WLB-2015100149 Best Regards, Maksymilian Arciemowicz (http://cert.cx) https://cxsecurity.com - Independent Information

References:

https://cxsecurity.com/issue/WLB-2015100149
https://support.apple.com/en-us/HT205637
https://support.apple.com/en-us/HT205635
https://support.apple.com/en-us/HT205640
https://support.apple.com/en-us/HT205641


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top