Multiple Apple Products libc File System Buffer Overflow Patch

Published: 2015.12.09
Credit: CXSECURITY
Risk: High
CWE: CWE-119
CVE: CVE-2015-7039
Local: Yes
Remote: Yes

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hi @ll,

Today Apple fixed a buffer overflow issue in LIBC/FTS (CVE-2015-7039).

Patch Available for:
- OS X El Capitan v10.11 and v10.11.1
- iPhone 4s and later
- Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
- Apple TV (4th generation)


Impact: Processing a maliciously crafted package may lead to arbitrary code execution
Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds

Conception and description of the issue here:

https://cxsecurity.com/issue/WLB-2015100149

Best Regards,
Maksymilian Arciemowicz (http://cert.cx)
https://cxsecurity.com - Independent Information

References:

https://cxsecurity.com/issue/WLB-2015100149
https://support.apple.com/en-us/HT205637
https://support.apple.com/en-us/HT205635
https://support.apple.com/en-us/HT205640
https://support.apple.com/en-us/HT205641

