Details of VAR-201504-0141

ID

VAR-201504-0141

CVE

CVE-2015-1123

TITLE

Apple iOS and Apple TV Used in etc. Webkit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-002142

DESCRIPTION

WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4. Apple iOS and Apple TV Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome

Trust: 2.07

sources: NVD: CVE-2015-1123 // JVNDB: JVNDB-2015-002142 // BID: 73986 // VULHUB: VHN-79083 // VULMON: CVE-2015-1123

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.2	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lte	version:	7.1	Trust: 1.0
vendor:	apple	model:	tv	scope:	eq	version:	7.1	Trust: 0.9
vendor:	apple	model:	tv	scope:	lt	version:	7.2 (apple tv first 3 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.2	Trust: 0.6
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.1.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	2.3.0	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	ne	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	2.2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.1.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	2.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.3.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	3.0.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	2.4.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3

sources: BID: 73986 // JVNDB: JVNDB-2015-002142 // CNNVD: CNNVD-201504-148 // NVD: CVE-2015-1123

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1123
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-1123
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-148
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-79083
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-1123
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-1123
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-79083
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-79083 // VULMON: CVE-2015-1123 // JVNDB: JVNDB-2015-002142 // CNNVD: CNNVD-201504-148 // NVD: CVE-2015-1123

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-1123

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-148

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201504-148

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002142

PATCH

title:	APPLE-SA-2015-04-08-3 iOS 8.3	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Trust: 0.8
title:	APPLE-SA-2015-04-08-4 Apple TV 7.2	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/en-us/HT204661	Trust: 0.8
title:	HT204662	url:	http://support.apple.com/en-us/HT204662	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/ja-jp/HT204661	Trust: 0.8
title:	HT204662	url:	http://support.apple.com/ja-jp/HT204662	Trust: 0.8

sources: JVNDB: JVNDB-2015-002142

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1123	Trust: 2.9
db:	SECTRACK	id:	1032050	Trust: 1.8
db:	JVN	id:	JVNVU91828320	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002142	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-148	Trust: 0.7
db:	BID	id:	73986	Trust: 0.5
db:	VULHUB	id:	VHN-79083	Trust: 0.1
db:	VULMON	id:	CVE-2015-1123	Trust: 0.1

sources: VULHUB: VHN-79083 // VULMON: CVE-2015-1123 // BID: 73986 // JVNDB: JVNDB-2015-002142 // CNNVD: CNNVD-201504-148 // NVD: CVE-2015-1123

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2015/apr/msg00003.html	Trust: 1.8
url:	https://support.apple.com/ht204661	Trust: 1.8
url:	https://support.apple.com/ht204662	Trust: 1.8
url:	http://www.securitytracker.com/id/1032050	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1123	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91828320/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1123	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://www.apple.com/in/appletv/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://support.apple.com/en-us/ht204662	Trust: 0.3
url:	https://support.apple.com/en-us/ht204661	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/73986	Trust: 0.1

sources: VULHUB: VHN-79083 // VULMON: CVE-2015-1123 // BID: 73986 // JVNDB: JVNDB-2015-002142 // CNNVD: CNNVD-201504-148 // NVD: CVE-2015-1123

CREDITS

Randy Luecke and Anoop Menon of Google Inc.

Trust: 0.3

sources: BID: 73986

SOURCES

db:	VULHUB	id:	VHN-79083
db:	VULMON	id:	CVE-2015-1123
db:	BID	id:	73986
db:	JVNDB	id:	JVNDB-2015-002142
db:	CNNVD	id:	CNNVD-201504-148
db:	NVD	id:	CVE-2015-1123

LAST UPDATE DATE

2024-11-23T19:59:04.162000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-79083	date:	2019-03-08T00:00:00
db:	VULMON	id:	CVE-2015-1123	date:	2019-03-08T00:00:00
db:	BID	id:	73986	date:	2015-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002142	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-148	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2015-1123	date:	2024-11-21T02:24:43.433

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-79083	date:	2015-04-10T00:00:00
db:	VULMON	id:	CVE-2015-1123	date:	2015-04-10T00:00:00
db:	BID	id:	73986	date:	2015-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002142	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-148	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-1123	date:	2015-04-10T14:59:37.137