Vulnerability Description
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | <= 8.3 |
| Apple | Mac Os X | <= 10.10.3 |
| Apple | Safari | <= 6.2.6 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlVendor Advisory
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
- http://support.apple.com/kb/HT204941Vendor Advisory
- http://support.apple.com/kb/HT204950Vendor Advisory
- http://www.securityfocus.com/bid/75492
- http://www.securitytracker.com/id/1032754
- http://www.ubuntu.com/usn/USN-2937-1
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlVendor Advisory
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
- http://support.apple.com/kb/HT204941Vendor Advisory
- http://support.apple.com/kb/HT204950Vendor Advisory
- http://www.securityfocus.com/bid/75492
- http://www.securitytracker.com/id/1032754
FAQ
What is CVE-2015-3659?
CVE-2015-3659 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly...
How severe is CVE-2015-3659?
CVE-2015-3659 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3659?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Apple Safari.