Vulnerability CVE-2015-1157 - CERT Civis.Net

Vulnerability Name:

CVE-2015-1157 (CCN-103447)

Assigned:

2015-05-27

Published:

2015-05-27

Updated:

2016-11-28

Summary:

CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.

CVSS v3 Severity:

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MISC
Type: UNKNOWN
http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/

Source: MITRE
Type: CNA
CVE-2015-1157

Source: APPLE
Type: Vendor Advisory
APPLE-SA-2015-06-30-1

Source: APPLE
Type: Patch, Vendor Advisory
APPLE-SA-2015-06-30-2

Source: APPLE
Type: Patch, Vendor Advisory
APPLE-SA-2015-09-16-3

Source: CONFIRM
Type: Vendor Advisory
http://support.apple.com/kb/HT204941

Source: CONFIRM
Type: Vendor Advisory
http://support.apple.com/kb/HT204942

Source: CCN
Type: Apple Web site
Apple iOS

Source: CCN
Type: International Business Times Web site
Apple iOS bug sees Message app crash and iPhone reboot simply by receiving a message

Source: MISC
Type: UNKNOWN
http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083

Source: MISC
Type: Exploit
http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/

Source: MISC
Type: UNKNOWN
http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/

Source: MISC
Type: Exploit
http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/

Source: BID
Type: UNKNOWN
75491

Source: CCN
Type: BID-75491
Apple Mac OS X and iOS Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1032408

Source: MISC
Type: Exploit
http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/

Source: XF
Type: UNKNOWN
appleios-coretext-cve20151157-dos(103447)

Source: MISC
Type: UNKNOWN
https://ghostbin.com/paste/zws9m

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/HT205221

Vulnerable Configuration:

Configuration 1:

cpe:/o:apple:ios:8.0:*:*:*:*:*:*:*

OR cpe:/o:apple:ios:8.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:ios:8.0.2:*:*:*:*:*:*:*

OR cpe:/o:apple:ios:8.1:*:*:*:*:*:*:*

OR cpe:/o:apple:ios:8.1.2:*:*:*:*:*:*:*

OR cpe:/o:apple:ios:8.1.3:*:*:*:*:*:*:*

OR cpe:/o:apple:ios:8.2:*:*:*:*:*:*:*

OR cpe:/o:apple:ios:8.3:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version <= 10.0.3)

Configuration 3:

cpe:/a:apple:itunes:*:*:*:*:*:*:*:* (Version <= 12.2)

Configuration CCN 1:

cpe:/o:apple:ios:8.1.2:*:*:*:*:*:*:*

OR cpe:/o:apple:ios:8.2:*:*:*:*:*:*:*

OR cpe:/o:apple:ios:8.1.3:*:*:*:*:*:*:*

OR cpe:/o:apple:ios:8.3:*:*:*:*:*:*:*

Denotes that component is vulnerable