Vulnerability Description
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | 8.0 |
| Apple | Mac Os X | <= 10.0.3 |
| Apple | Itunes | <= 12.2 |
Related Weaknesses (CWE)
References
- http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlVendor Advisory
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlPatchVendor Advisory
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlPatchVendor Advisory
- http://support.apple.com/kb/HT204941Vendor Advisory
- http://support.apple.com/kb/HT204942Vendor Advisory
- http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simp
- http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/Exploit
- http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_v
- http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_youExploit
- http://www.securityfocus.com/bid/75491
- http://www.securitytracker.com/id/1032408
- http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/Exploit
- https://ghostbin.com/paste/zws9m
- https://support.apple.com/HT205221Vendor Advisory
FAQ
What is CVE-2015-1157?
CVE-2015-1157 is a vulnerability with a CVSS score of 7.8 (HIGH). CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display trunca...
How severe is CVE-2015-1157?
CVE-2015-1157 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1157?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Apple Itunes.