CVE-2015-1092 Information

Description

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference related to an XML External Entity (XXE) issue.

Reference

http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html http://www.securityfocus.com/bid/73983 http://www.securitytracker.com/id/1032050 https://support.apple.com/HT204661 https://support.apple.com/HT204662 https://support.apple.com/kb/HT204870