Arbitrary Code Execution and Denial of Service Vulnerability in SQLite
CVE-2015-7036 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
Learn more about our Cis Benchmark Audit For Apple Ios.