CVE-2015-5825 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 30.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari Apple IOS 9 +1 more

Timeline

PublishedSep 18

Latest updateMay 17

Description

WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDapple/safari8.0.8

▶NVDapple/iphone_os8.4.1

▶Appleapple/ios_9

▶Appleapple/safari_9

🔴Vulnerability Details

GHSA

GHSA-hv69-h9mv-592v: WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive i↗2022-05-17

▶

OSV

CVE-2015-5825: WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive i↗2015-09-18

▶

📋Vendor Advisories

Apple

CVE-2015-5825: iOS 9↗

▶

Apple

CVE-2015-5825: Safari 9↗

▶

💬Community

Bugzilla

"Spy in the Sandbox" - Security issue related to High Resolution Time API↗2015-05-22

▶