CVE-2015-1152 — Out-of-bounds Write in Apple Iphone OS

13 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

1.0%

top 23.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webkitgtk Apple Iphone OS Apple Itunes +3 more

Timeline

PublishedMay 8

Latest updateMay 17

Description

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages7 packages

▶NVDapple/safari6.2.5+19

▶Appleapple/safari_8.0.6_safari_7.1.6_and_safari6.2.6

▶Ubuntuwebkitgtk/webkitgtk< 2.4.10-0ubuntu0.14.04.1+1

▶NVDapple/itunes12.2+1

▶NVDapple/iphone_os8.3

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-xr42-288c-hwmj: WebKit, as used in Apple Safari before 6↗2022-05-17

▶

GHSA

GHSA-cj7g-46rv-89r4: WebKit, as used in Apple Safari before 6↗2022-05-17

▶

GHSA

GHSA-vpw8-6fwj-h438: WebKit, as used in Apple Safari before 6↗2022-05-17

▶

OSV

CVE-2015-1152: WebKit, as used in Apple Safari before 6↗2015-05-08

▶

OSV

CVE-2015-1154: WebKit, as used in Apple Safari before 6↗2015-05-08

▶

📋Vendor Advisories

Apple

CVE-2015-1152: Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6↗

▶

Apple

CVE-2015-1152: iTunes 12.2↗

▶

Apple

CVE-2015-1152: iTunes 12.3↗

▶

Apple

CVE-2015-1152: iOS 8.4↗

▶