VYPR
Unrated severity · NVD Advisory · Published Mar 12, 2015 · Updated May 6, 2026

CVE-2015-1065

Description

Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple buffer overflows in Apple iCloud Keychain recovery allow man-in-the-middle attackers to execute arbitrary code on iOS (<8.2) and OS X (<10.10.3).

Vulnerability

Multiple buffer overflows exist in the handling of data during iCloud Keychain recovery in Apple iOS versions prior to 8.2 and in OS X through 10.10.2 (OS X Yosemite v10.10.2). The vulnerability resides in the client-server data stream processing logic during iCloud Keychain recovery, where crafted network data can trigger buffer overflows [1][2][3].

Exploitation

An attacker with a privileged network position (man-in-the-middle) can exploit this vulnerability by modifying the client-server data stream during the iCloud Keychain recovery process. The attacker needs to intercept and manipulate network traffic between the affected device and Apple's servers while a keychain recovery operation is initiated, injecting specially crafted data into the recovery protocol stream to trigger the buffer overflow condition [1][3].

Impact

Successful exploitation allows the attacker to execute arbitrary code with the privileges of the iCloud Keychain process. This can lead to full disclosure or modification of the iCloud Keychain contents, including stored passwords and other sensitive data. On iOS, the attacker can execute code within the sandbox of the iCloud Keychain component; on OS X, code execution occurs in the context of the affected system service [1][2][3].

Mitigation

Apple addressed these issues in iOS 8.2 (released March 9, 2015) and OS X Security Update 2015-003 (released April 8, 2015). Users should update to iOS 8.2 or later, or install OS X Yosemite v10.10.3 with Security Update 2015-003. No workaround is available; the only mitigation is to apply the security updates. There is no indication this CVE is listed on CISA's Known Exploited Vulnerabilities Catalog [1][3].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5

References

7
