CVE-2015-1067

Severity

43%

Complexity

86%

Confidentiality

48%

Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.

Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 9 years ago

2015-03-11 01:59:00

Last updated 5 years ago

2019-03-08 16:06:00

Affected Software

Apple Mac OS X

References

APPLE-SA-2015-04-08-2

Vendor Advisory

APPLE-SA-2015-03-09-1

Vendor Advisory

APPLE-SA-2015-03-09-2

Vendor Advisory

APPLE-SA-2015-03-09-3

Vendor Advisory

73009

1031829

Third Party Advisory, VDB Entry

1031830

Third Party Advisory, VDB Entry

https://freakattack.com/

Exploit

https://support.apple.com/HT204413

Vendor Advisory

https://support.apple.com/HT204423

Vendor Advisory

https://support.apple.com/HT204426

Vendor Advisory

https://support.apple.com/HT204659

Vendor Advisory

https://support.apple.com/kb/HT204870

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.