Palo Alto Networks Researchers Discover High Severity Vulnerability Impacting Apple’s Major Products

Ryan Olson

Palo Alto Networks researchers Tongbo Luo and Bo Qu are credited with discovering a new vulnerability (CVE-2015-7066) in OpenGL and Webkit that impacts all of Apple’s major products, including:

CVE-2015-7066 is a memory corruption issue that can lead to remote code execution when a user views a maliciously crafted website. This vulnerability can be exploited through a drive-by attack embedded in a website, or through a phishing attack using e-mail messages to lure victims to a malicious link.

At this time we are not aware of any attacks exploiting this vulnerability in the wild.

By proactively identifying vulnerabilities, developing protections for our customers, and sharing them with Apple for patching, we are removing weapons used by attackers to compromise enterprise, government and service provider networks.

We have released IPS signature 38581 to detect this vulnerability in our Threat Prevention product.


Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.

© 2018 Palo Alto Networks, Inc. All rights reserved.