ID

VAR-201512-0135


CVE

CVE-2015-7109


TITLE

IOAcceleratorFamily in Apple OS X and tvOS vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2015-006321

DESCRIPTION

IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple Mac OS X and tvOS are prone to multiple security bypass and memory corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Both Apple OS X and tvOS are products of Apple Inc.

Trust: 1.98

sources: NVD: CVE-2015-7109 // JVNDB: JVNDB-2015-006321 // BID: 78733 // VULHUB: VHN-85070

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: eq // version: 10.11.1

Trust: 1.4

vendor: apple // model: mac os x // scope: lte // version: 10.11.1

Trust: 1.0

vendor: apple // model: iphone os // scope: lte // version: 9.1

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.11

Trust: 0.8

vendor: apple // model: tvos // scope: lt // version: 9.1 (apple tv first 4 generation)

Trust: 0.8

vendor: apple // model: iphone os // scope: eq // version: 9.1

Trust: 0.6

vendor: apple // model: tvos // scope: eq // version: 9.0

Trust: 0.3

vendor: apple // model: tv // scope: eq // version: 0

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.1

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11

Trust: 0.3

vendor: apple // model: tvos // scope: ne // version: 9.1

Trust: 0.3

vendor: apple // model: mac os // scope: ne // version: x10.11.2

Trust: 0.3

vendor: apple // model: mac os security update // scope: ne // version: x2015

Trust: 0.3

sources: BID: 78733 // JVNDB: JVNDB-2015-006321 // CNNVD: CNNVD-201512-389 // NVD: CVE-2015-7109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7109
value: HIGH

Trust: 1.0

NVD: CVE-2015-7109
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201512-389
value: CRITICAL

Trust: 0.6

VULHUB: VHN-85070
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7109
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85070
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85070 // JVNDB: JVNDB-2015-006321 // CNNVD: CNNVD-201512-389 // NVD: CVE-2015-7109

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-85070 // JVNDB: JVNDB-2015-006321 // NVD: CVE-2015-7109

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-389

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201512-389

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006321

PATCH

title: Apple security updates // url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 // url: http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

Trust: 0.8

title: APPLE-SA-2015-12-08-2 tvOS 9.1 // url: http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html

Trust: 0.8

title: HT205640 // url: https://support.apple.com/en-us/HT205640

Trust: 0.8

title: HT205637 // url: https://support.apple.com/en-us/HT205637

Trust: 0.8

title: HT205640 // url: http://support.apple.com/ja-jp/HT205640

Trust: 0.8

title: HT205637 // url: http://support.apple.com/ja-jp/HT205637

Trust: 0.8

title: Apple OS X and tvOS IOAcceleratorFamily Buffer Overflow Vulnerability Fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59207

Trust: 0.6

sources: JVNDB: JVNDB-2015-006321 // CNNVD: CNNVD-201512-389

EXTERNAL IDS

db: NVD // id: CVE-2015-7109

Trust: 2.8

db: SECTRACK // id: 1034344

Trust: 1.1

db: JVN // id: JVNVU97526033

Trust: 0.8

db: JVNDB // id: JVNDB-2015-006321

Trust: 0.8

db: CNNVD // id: CNNVD-201512-389

Trust: 0.7

db: BID // id: 78733

Trust: 0.3

db: VULHUB // id: VHN-85070

Trust: 0.1

sources: VULHUB: VHN-85070 // BID: 78733 // JVNDB: JVNDB-2015-006321 // CNNVD: CNNVD-201512-389 // NVD: CVE-2015-7109

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/dec/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html

Trust: 1.7

url:https://support.apple.com/ht205637

Trust: 1.7

url:https://support.apple.com/ht205640

Trust: 1.7

url:http://www.securitytracker.com/id/1034344

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7109

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97526033/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7109

Trust: 0.8

url:http://www.apple.com/accessibility/tvos/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-85070 // BID: 78733 // JVNDB: JVNDB-2015-006321 // CNNVD: CNNVD-201512-389 // NVD: CVE-2015-7109

CREDITS

Luyi Xing and XiaoFeng Wang of Indiana University Bloomington, Xiaolong Bai of Indiana University Bloomington and Tsinghua University, Tongxin Li of Peking University, Kai Chen of Indiana University Bloomington and Institute of Information Engineering, Xia

Trust: 0.3

sources: BID: 78733

SOURCES

db: VULHUB // id: VHN-85070
db: BID // id: 78733
db: JVNDB // id: JVNDB-2015-006321
db: CNNVD // id: CNNVD-201512-389
db: NVD // id: CVE-2015-7109

LAST UPDATE DATE

2025-04-13T22:58:40.508000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-85070 // date: 2017-09-13T00:00:00
db: BID // id: 78733 // date: 2015-12-08T00:00:00
db: JVNDB // id: JVNDB-2015-006321 // date: 2015-12-15T00:00:00
db: CNNVD // id: CNNVD-201512-389 // date: 2015-12-14T00:00:00
db: NVD // id: CVE-2015-7109 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-85070 // date: 2015-12-11T00:00:00
db: BID // id: 78733 // date: 2015-12-08T00:00:00
db: JVNDB // id: JVNDB-2015-006321 // date: 2015-12-15T00:00:00
db: CNNVD // id: CNNVD-201512-389 // date: 2015-12-14T00:00:00
db: NVD // id: CVE-2015-7109 // date: 2015-12-11T12:00:06.117