Vulnerability CVE-2015-1157
Published: 2015-05-27   Modified: 2015-05-28

Description:
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Apple -> Iphone os 
Apple -> Mac os x 
Apple -> Itunes 

 References:
http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204942
http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083
http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/
http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/
http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/
http://www.securityfocus.com/bid/75491
http://www.securitytracker.com/id/1032408
http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/
https://ghostbin.com/paste/zws9m
https://support.apple.com/HT205221
Copyright 2024, cxsecurity.com

 

Back to Top