CVE-2015-1067
Description
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2015-1067 is a TLS state transition flaw in Apple's Secure Transport enabling FREAK cipher-downgrade attacks on iOS, OS X, and Apple TV.
Vulnerability
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, allowing a remote attacker to force the use of weak EXPORT_RSA cipher suites. This vulnerability is Apple's instance of the FREAK issue; CVE-2015-0204 and CVE-2015-1637 are related but distinct vulnerabilities in other TLS stacks [2]. The affected code path is reachable when a vulnerable client connects to a server that accepts export-grade RSA ciphers.
Exploitation
An attacker with a man-in-the-middle position on the network can intercept a TLS handshake between a vulnerable Apple device and a susceptible server. By crafting TLS traffic that triggers an improper state transition, the attacker can downgrade the negotiated cipher to an EXPORT_RSA suite, which uses only 512-bit RSA keys [2]. No authentication or user interaction beyond normal browsing is required; the attack is transparent to the user.
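The state-transition problem described above, as an added example in Python that is not Apple's code or this page's own: a simplified model of the TLS 1.2 client handshake state machine. A strict client rejects a ServerKeyExchange message when a full-strength RSA suite was negotiated, because such a suite never sends one; a lax client accepts it and ends up encrypting to whatever short RSA key that message carries. The suite table, state names and the sample handshake flight are constructed for illustration.

```python
from dataclasses import dataclass
# Constructed sample cipher-suite table: suite name -> key-exchange kind.
SUITES = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": "rsa",            # full-strength static RSA
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5": "rsa_export",   # export-grade RSA
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ecdhe",
}
# Key exchanges in which the server legitimately sends ServerKeyExchange.
NEEDS_SKE = {"rsa_export", "dhe", "ecdhe"}

class HandshakeError(Exception): pass

@dataclass
class ClientState:
    strict: bool = True               # False reproduces the FREAK-class laxity
    state: str = "WAIT_SERVER_HELLO"
    suite: str = ""
    kx_bits: int = 0                  # size of the key the client will encrypt to / agree with

    def handle(self, msg: dict) -> None:
        kind = msg["type"]
        if self.state == "WAIT_SERVER_HELLO" and kind == "ServerHello":
            self.suite, self.state = msg["suite"], "WAIT_CERTIFICATE"
        elif self.state == "WAIT_CERTIFICATE" and kind == "Certificate":
            self.kx_bits, self.state = msg["key_bits"], "WAIT_SKE_OR_DONE"
        elif self.state == "WAIT_SKE_OR_DONE" and kind == "ServerKeyExchange":
            kx = SUITES[self.suite]
            if self.strict and kx not in NEEDS_SKE:
                raise HandshakeError(f"ServerKeyExchange not allowed for {kx} suite")
            # Lax client: the key in this message silently replaces the certificate key.
            self.kx_bits, self.state = msg["key_bits"], "WAIT_SERVER_HELLO_DONE"
        elif kind == "ServerHelloDone" and self.state in ("WAIT_SKE_OR_DONE", "WAIT_SERVER_HELLO_DONE"):
            self.state = "DONE"
        else:
            raise HandshakeError(f"{kind} not allowed in state {self.state}")

def run_handshake(msgs: list, strict: bool = True) -> dict:
    # Replay a server flight; report whether the client accepted it and with which key size.
    c = ClientState(strict=strict)
    try:
        for m in msgs:
            c.handle(m)
    except HandshakeError as e:
        return {"accepted": False, "kx_bits": None, "error": str(e)}
    return {"accepted": c.state == "DONE", "kx_bits": c.kx_bits, "error": None}

# Constructed flight: a full-strength RSA suite was negotiated, yet a
# ServerKeyExchange carrying a 512-bit RSA key appears before ServerHelloDone.
INJECTED_FLIGHT = [
    {"type": "ServerHello", "suite": "TLS_RSA_WITH_AES_128_CBC_SHA"},
    {"type": "Certificate", "key_bits": 2048},
    {"type": "ServerKeyExchange", "key_bits": 512},
    {"type": "ServerHelloDone"},
]
```

Run `run_handshake(INJECTED_FLIGHT, strict=False)` against `strict=True` to see the lax client finish with a 512-bit key while the strict client aborts the handshake.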
Impact
Successful exploitation allows the attacker to decrypt the intercepted TLS session, gaining access to sensitive data such as passwords, cookies, or other confidential information transmitted over HTTPS [2]. The attacker can also potentially modify the data in transit. The compromise is limited to the confidentiality and integrity of the specific session; no persistent access or privilege escalation is achieved.
Mitigation
Apple addressed this vulnerability in iOS 8.2 [4], OS X Yosemite 10.10.3 and Security Update 2015-004 [1], and Apple TV 7.1. Users should update to the latest available versions. No workaround exists for unpatched systems. The vulnerability is not listed on the CISA KEV catalog as of the publication date.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Apple iOS, Range: <8.2
- Apple OS X, Range: <=10.10.2
- Apple TV, Range: <7.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- freakattack.com (nvd; Exploit)
- lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (nvd; Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Mar/msg00000.html (nvd; Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Mar/msg00001.html (nvd; Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Mar/msg00002.html (nvd; Vendor Advisory)
- www.securitytracker.com/id/1031829 (nvd; Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1031830 (nvd; Third Party Advisory, VDB Entry)
- support.apple.com/HT204413 (nvd; Vendor Advisory)
- support.apple.com/HT204423 (nvd; Vendor Advisory)
- support.apple.com/HT204426 (nvd; Vendor Advisory)
- support.apple.com/HT204659 (nvd; Vendor Advisory)
- www.securityfocus.com/bid/73009 (nvd)
- support.apple.com/kb/HT204870 (nvd)
News mentions
No linked articles in our index yet.