CVE-2015-7081

MEDIUM

Description

iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html

http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

http://www.securitytracker.com/id/1034344

https://support.apple.com/HT205635

https://support.apple.com/HT205637

Details

Source: MITRE

Published: 2015-12-11

Updated: 2017-09-13

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.11.1 (inclusive)

Configuration 2

OR

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 9.1 (inclusive)

Tenable Plugins

View all (5 total)

IDNameProductFamilySeverity
9325Mac OS X 10.11.x < 10.11.2 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
high
9329Apple iOS < 9.2 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
high
87321Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)NessusMacOS X Local Security Checks
critical
87314Mac OS X 10.11.x < 10.11.2 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
87310Apple iOS < 9.2 Multiple VulnerabilitiesNessusMobile Devices
critical