CVE-2015-1086

Apple iOS <8.3 & Apple TV <7.2 - RCE

Title source: llm
STIX 2.1

Description

The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032050
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT204662
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT204661

Scores

EPSS 0.0041
EPSS Percentile 32.8%

Details

CWE
CWE-20
Status published
Products (2)
apple/iphone_os < 8.2
apple/tvos < 7.1
Published Apr 10, 2015
Tracked Since Feb 18, 2026