Описание
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
Комментарий
Per an Apple Security Advisory Apple TV before 7.0.3 was also vulnerable. Per an Apple Security Advisory Apple iOS before 8.1.3 was also vulnerable.
These product additions are reflected in the vulnerable configuration.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.1.2 (включая)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 7.0.1 (включая)
Одно из
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:6.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:6.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:6.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:6.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:6.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:7.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:7.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00063
Низкий
2.1 Low
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
EPSS
Процентиль: 20%
0.00063
Низкий
2.1 Low
CVSS2
Дефекты
CWE-264