CVE-2015-1157 — Apple Itunes vulnerability

CWE-1715 documents3 sources

Severity

7.8HIGHNVD

EPSS

8.3%

top 7.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes Apple MAC OS X Apple IOS +2 more

Timeline

PublishedMay 28

Latest updateMay 17

Description

CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages6 packages

▶NVDapple/itunes12.2

▶NVDapple/mac_os_x10.0.3

▶Appleapple/ios8.4

▶Appleapple/itunes12.3

▶NVDapple/iphone_os8 versions+7

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-r4wc-44ww-v8f2: CoreText in Apple iOS 8↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2015-3689: iOS 8.4↗

▶

Apple

CVE-2015-3686: iOS 8.4↗

▶

Apple

CVE-2015-1157: iOS 8.4↗

▶

Apple

CVE-2015-1157: OS X Yosemite v10.10.4 and Security Update 2015-005↗

▶

Apple

CVE-2015-3688: iOS 8.4↗

▶