CVE-2015-5838Improper Access Control in Apple Iphone OS

CWE-284Improper Access Control3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 54.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple IOS 9
Timeline
PublishedSep 18
Latest updateMay 17

Description

SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDapple/iphone_os8.4.1
Appleapple/ios_9

🔴Vulnerability Details

1
GHSA
GHSA-875m-w292-8mvw: SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an2022-05-17

📋Vendor Advisories

1
Apple
CVE-2015-5838: iOS 9