CVE-2015-3758 — Improper Input Validation in Apple Iphone OS

CWE-20 — Improper Input Validation3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 47.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple IOS

Timeline

PublishedAug 16

Latest updateMay 17

Description

UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDapple/iphone_os8.4

▶Appleapple/ios8.4.1

🔴Vulnerability Details

GHSA

GHSA-93vw-mjxr-c2c9: UIKit WebView in Apple iOS before 8↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2015-3758: iOS 8.4.1↗

▶