CVE-2015-3659 — Apple Iphone OS vulnerability

CWE-2646 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

1.1%

top 21.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webkitgtk Apple Iphone OS Apple MAC OS X +3 more

Timeline

PublishedJul 3

Latest updateMay 17

Description

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages6 packages

▶NVDapple/safari6.2.6+21

▶Appleapple/safari_8.0.7_safari_7.1.7_and_safari6.2.7

▶NVDapple/mac_os_x10.10.3

▶NVDapple/iphone_os8.3

▶Appleapple/ios8.4

🔴Vulnerability Details

GHSA

GHSA-gf65-6jjm-7xgc: The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6↗2022-05-17

▶

OSV

CVE-2015-3659: The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6↗2015-07-02

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2016-03-21

▶

Apple

CVE-2015-3659: iOS 8.4↗

▶

Apple

CVE-2015-3659: Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7↗

▶