First published: Fri Apr 10 2015(Updated: )
NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple tvOS | <=7.1 | |
Apple iPhone OS | <=8.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.