CVE-2015-1092

Published: Apr 10, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected (2)

Products: Apple: Tvos, Iphone Os

Apple

2 products

Tvos

Iphone Os

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Tvos	Up to 7.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 8.2

References (14)

http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html

Source: product-security@apple.com

Vendor Advisory

http://www.securityfocus.com/bid/73983

Source: product-security@apple.com

http://www.securitytracker.com/id/1032050

Source: product-security@apple.com

https://support.apple.com/HT204661

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT204662

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/kb/HT204870

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html