Описание
Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.0.6 (включая)
Одно из
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00559
Низкий
8.8 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
EPSS
Процентиль: 68%
0.00559
Низкий
8.8 High
CVSS2
Дефекты
CWE-264