CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 02:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/ - | |
References | () http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html - Vendor Advisory | |
References | () http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html - Patch, Vendor Advisory | |
References | () http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html - Patch, Vendor Advisory | |
References | () http://support.apple.com/kb/HT204941 - Vendor Advisory | |
References | () http://support.apple.com/kb/HT204942 - Vendor Advisory | |
References | () http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083 - | |
References | () http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/ - Exploit | |
References | () http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/ - | |
References | () http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/ - Exploit | |
References | () http://www.securityfocus.com/bid/75491 - | |
References | () http://www.securitytracker.com/id/1032408 - | |
References | () http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/ - Exploit | |
References | () https://ghostbin.com/paste/zws9m - | |
References | () https://support.apple.com/HT205221 - Vendor Advisory |
Information
Published : 2015-05-28 01:59
Updated : 2024-11-21 02:24
NVD link : CVE-2015-1157
Mitre link : CVE-2015-1157
CVE.ORG link : CVE-2015-1157
JSON object : View
Products Affected
apple
- iphone_os
- itunes
- mac_os_x
CWE
CWE-17
DEPRECATED: Code