CVE-2015-7081

Published: Dec 11, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected (2)

Products: Apple: Mac Os X, Iphone Os

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.11.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 9.1

References (10)

http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

Source: product-security@apple.com

Vendor Advisory

http://www.securitytracker.com/id/1034344

Source: product-security@apple.com

https://support.apple.com/HT205635

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT205637

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1034344

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/HT205635

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT205637

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.