CVE-2015-1067: The CVE-2015-1067 vulnerability involves a flaw in Secure Transport in Apple iOS, OS X, and Apple TV that allows remote attackers to conduct cipher-downgrade attacks via crafted TLS traffic.


Description Preview

The Secure Transport component in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions. This vulnerability makes it easier for remote attackers to perform cipher-downgrade attacks to EXPORT_RSA ciphers by manipulating TLS traffic. This issue is related to the "FREAK" vulnerability and is distinct from other CVEs such as CVE-2015-0204 and CVE-2015-1637.

Overview

The flaw in Secure Transport on affected Apple devices lets an attacker who can manipulate TLS traffic weaken the encryption negotiated for a connection, potentially exposing sensitive data to interception or tampering. By exploiting this flaw, an attacker can force the connection onto weak EXPORT_RSA ciphers, making the communication easier to decrypt.

Remediation

To address this vulnerability, Apple released security updates for the affected products. Users are advised to update their Apple devices to the latest available versions to mitigate the risk of exploitation. Additionally, until the updates are applied, users should avoid connecting to untrusted networks or websites, since the attack requires an attacker positioned to manipulate TLS traffic.

References

  1. Security Focus BID: http://www.securityfocus.com/bid/73009
  2. Apple Support Advisory - HT204659: https://support.apple.com/HT204659
  3. Apple Support Advisory - HT204870: https://support.apple.com/kb/HT204870
  4. Apple Security Advisory - APPLE-SA-2015-03-09-2: http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html
  5. Security Tracker - CVE-2015-1067: http://www.securitytracker.com/id/1031829
  6. Security Tracker - CVE-2015-1067: http://www.securitytracker.com/id/1031830
  7. Apple Security Advisory - APPLE-SA-2015-03-09-3: http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html
  8. Apple Support Advisory - HT204426: https://support.apple.com/HT204426
  9. FREAK Attack Website: https://freakattack.com/
  10. Apple Support Advisory - HT204413: https://support.apple.com/HT204413
  11. Apple Security Advisory - APPLE-SA-2015-04-08-2: http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
  12. Apple Security Advisory - APPLE-SA-2015-03-09-1: http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html
  13. Apple Support Advisory - HT204423: https://support.apple.com/HT204423

Industry Exposure (most to least affected)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Health Care & Social Assistance
  2. Manufacturing
  3. Public Administration
  4. Educational Services
  5. Arts, Entertainment & Recreation
  6. Transportation & Warehousing
  7. Finance and Insurance
  8. Professional, Scientific, & Technical Services
  9. Other Services (except Public Administration)
  10. Retail Trade
  11. Information
  12. Real Estate Rental & Leasing
  13. Management of Companies & Enterprises
  14. Mining
  15. Wholesale Trade
  16. Accommodation & Food Services
  17. Administrative, Support, Waste Management & Remediation Services
  18. Agriculture, Forestry, Fishing & Hunting
  19. Construction
  20. Utilities

Armis Vulnerability Intelligence Database