VIR Vulnerability Intelligence Relay

CVE-2015-7006

medium
Published 2015-10-23 · Modified 2026-05-06
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — https://support.apple.com/HT205378

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — https://support.apple.com/HT205375

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — https://support.apple.com/HT205370

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html

OS impact
OSVersionStatusFixed in
macos macosaffected

References

CWEs

CWE-22

Verify integrity in audit chain (admin only). AS-IS.