Details of VAR-201504-0132

ID

VAR-201504-0132

CVE

CVE-2015-1116

TITLE

Apple iOS of UIKit View Vulnerabilities that can capture important information in components

Trust: 0.8

sources: JVNDB: JVNDB-2015-002152

DESCRIPTION

The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to gain sensitive information, perform unauthorized actions, bypass security restrictions, and perform other attacks. These issues affect iOS versions prior to 8.3. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. UIKit View is one of the lightweight, modular front-end framework components. The vulnerability is caused by the program displaying a clear snapshot of the application in the Task Switcher

Trust: 1.98

sources: NVD: CVE-2015-1116 // JVNDB: JVNDB-2015-002152 // BID: 73978 // VULHUB: VHN-79076

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 73978 // JVNDB: JVNDB-2015-002152 // CNNVD: CNNVD-201504-141 // NVD: CVE-2015-1116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1116
value:	LOW
Trust: 1.0
NVD:	CVE-2015-1116
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201504-141
value:	LOW
Trust: 0.6
VULHUB:	VHN-79076
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-1116
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-79076
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-79076 // JVNDB: JVNDB-2015-002152 // CNNVD: CNNVD-201504-141 // NVD: CVE-2015-1116

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-79076 // JVNDB: JVNDB-2015-002152 // NVD: CVE-2015-1116

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201504-141

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201504-141

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002152

PATCH

title:	APPLE-SA-2015-04-08-3 iOS 8.3	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/en-us/HT204661	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/ja-jp/HT204661	Trust: 0.8

sources: JVNDB: JVNDB-2015-002152

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1116	Trust: 2.8
db:	BID	id:	73978	Trust: 1.4
db:	SECTRACK	id:	1032050	Trust: 1.1
db:	JVN	id:	JVNVU91828320	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002152	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-141	Trust: 0.7
db:	VULHUB	id:	VHN-79076	Trust: 0.1

sources: VULHUB: VHN-79076 // BID: 73978 // JVNDB: JVNDB-2015-002152 // CNNVD: CNNVD-201504-141 // NVD: CVE-2015-1116

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html	Trust: 1.7
url:	https://support.apple.com/ht204661	Trust: 1.7
url:	http://www.securityfocus.com/bid/73978	Trust: 1.1
url:	http://www.securitytracker.com/id/1032050	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1116	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91828320/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1116	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://support.apple.com/en-us/ht204661	Trust: 0.3

sources: VULHUB: VHN-79076 // BID: 73978 // JVNDB: JVNDB-2015-002152 // CNNVD: CNNVD-201504-141 // NVD: CVE-2015-1116

CREDITS

TaiG Jailbreak Team, Jarrod Dwenger, Steve Favorito, Paul Reedy of ConocoPhillips, Pedro Tavares of Molecular Biophysics at UCIBIO/FCT/UNL, De Paul Sunny, Christian Still of Evolve Media, Canada, Brent Erickson, Stuart Ryan of University of Technology, Syd

Trust: 0.3

sources: BID: 73978

SOURCES

db:	VULHUB	id:	VHN-79076
db:	BID	id:	73978
db:	JVNDB	id:	JVNDB-2015-002152
db:	CNNVD	id:	CNNVD-201504-141
db:	NVD	id:	CVE-2015-1116

LAST UPDATE DATE

2024-11-23T21:14:30.501000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-79076	date:	2017-01-03T00:00:00
db:	BID	id:	73978	date:	2015-05-07T17:36:00
db:	JVNDB	id:	JVNDB-2015-002152	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-141	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-1116	date:	2024-11-21T02:24:42.353

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-79076	date:	2015-04-10T00:00:00
db:	BID	id:	73978	date:	2015-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002152	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-141	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-1116	date:	2015-04-10T14:59:30.887