Palo Alto Networks Researchers Discover High Severity Vulnerability Impacting Apple’s Major Products


Category: Threat Prevention, Unit 42

Tags: , , , , , , ,

Palo Alto Networks researchers Tongbo Luo and Bo Qu are credited with discovering a new vulnerability (CVE-2015-7066) in OpenGL and Webkit that impacts all of Apple’s major products, including:

CVE-2015-7066 is a memory corruption issue that can lead to remote code execution when a user views a maliciously crafted website. This vulnerability can be exploited through a drive-by attack embedded in a website, or through a phishing attack using e-mail messages to lure victims to a malicious link.

At this time we are not aware of any attacks exploiting this vulnerability in the wild.

By proactively identifying vulnerabilities, developing protections for our customers, and sharing them with Apple for patching, we are removing weapons used by attackers to compromise enterprise, government and service provider networks.

We have released IPS signature 38581 to detect this vulnerability in our Threat Prevention product.