5

CVE-2015-5746

AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiPhone OS Version <= 8.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.42% 0.694
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
Vendor Advisory
https://support.apple.com/kb/HT205030
Vendor Advisory
http://www.securityfocus.com/bid/76337
http://www.securitytracker.com/id/1033275