First published: Fri Dec 11 2015(Updated: )
zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
iStyle @cosme iPhone OS | <=9.1 | |
Apple iOS and macOS | <=10.11.1 | |
Apple iOS, iPadOS, and watchOS | <=2.0 | |
tvOS | <=9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-7054 is classified as a high severity vulnerability due to its potential to allow remote code execution.
To fix CVE-2015-7054, update your affected Apple device to the latest version of the operating system.
CVE-2015-7054 affects Apple iOS versions before 9.2, OS X versions before 10.11.2, tvOS versions before 9.1, and watchOS versions before 2.1.
The impact of CVE-2015-7054 allows remote attackers to execute arbitrary code on affected systems.
There are no known workarounds for CVE-2015-7054; the only solution is to update to a secure version.