ID

VAR-201507-0419


CVE

CVE-2015-3725


TITLE

Denial-of-service (DoS) vulnerability in MobileInstallation in Apple iOS

Trust: 0.8

sources: JVNDB: JVNDB-2015-003432

DESCRIPTION

MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, bypass security restrictions, and perform other attacks. Versions prior to iOS 8.4 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. MobileInstallation is a component required to install cracked App Store software. The vulnerability stems from the program's failure to properly handle the installation logic of universal provisioning profile applications on the Watch.

Trust: 1.98

sources: NVD: CVE-2015-3725 // JVNDB: JVNDB-2015-003432 // BID: 75490 // VULHUB: VHN-81686

AFFECTED PRODUCTS

vendor: apple // model: iphone os // scope: lte // version: 8.3

Trust: 1.0

vendor: apple // model: ios // scope: lt // version: 8.4 (ipad 2 or later)

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: 8.4 (iphone 4s or later)

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: 8.4 (ipod touch 5th generation or later)

Trust: 0.8

vendor: apple // model: iphone os // scope: eq // version: 8.3

Trust: 0.6

vendor: apple // model: ipod touch // scope: eq // version: 0

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 0

Trust: 0.3

vendor: apple // model: ipad // scope: eq // version: 0

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.2.1

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.0.2

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.0.1

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 3.2.2

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 3.2.1

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 5.1.1

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 5.1

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 5.0.1

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 5

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.3.5

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.3.4

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.3.3

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.3.2

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.3.1

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.3

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.2.9

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.2.8

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.2.7

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.2.6

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.2.5

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.2.10

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.2

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4.1

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 4

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 3.2

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 3.1

Trust: 0.3

vendor: apple // model: ios // scope: eq // version: 3.0

Trust: 0.3

sources: BID: 75490 // JVNDB: JVNDB-2015-003432 // CNNVD: CNNVD-201507-086 // NVD: CVE-2015-3725

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3725
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3725
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-086
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81686
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3725
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-81686
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81686 // JVNDB: JVNDB-2015-003432 // CNNVD: CNNVD-201507-086 // NVD: CVE-2015-3725

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-81686 // JVNDB: JVNDB-2015-003432 // NVD: CVE-2015-3725

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-086

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201507-086

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003432

PATCH

title: APPLE-SA-2015-06-30-1 iOS 8.4 // url: http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

Trust: 0.8

title: HT204941 // url: http://support.apple.com/en-us/HT204941

Trust: 0.8

title: HT204941 // url: http://support.apple.com/ja-jp/HT204941

Trust: 0.8

title: quicktime7.7.7_installer // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517

Trust: 0.6

title: osxupd10.10.4 // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516

Trust: 0.6

title: iPhone7,1_8.4_12H143_Restore // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515

Trust: 0.6

sources: JVNDB: JVNDB-2015-003432 // CNNVD: CNNVD-201507-086

EXTERNAL IDS

db: NVD // id: CVE-2015-3725

Trust: 2.8

db: BID // id: 75490

Trust: 1.4

db: SECTRACK // id: 1032761

Trust: 1.1

db: JVNDB // id: JVNDB-2015-003432

Trust: 0.8

db: CNNVD // id: CNNVD-201507-086

Trust: 0.7

db: VULHUB // id: VHN-81686

Trust: 0.1

sources: VULHUB: VHN-81686 // BID: 75490 // JVNDB: JVNDB-2015-003432 // CNNVD: CNNVD-201507-086 // NVD: CVE-2015-3725

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html

Trust: 1.7

url:http://support.apple.com/kb/ht204941

Trust: 1.7

url:http://www.securityfocus.com/bid/75490

Trust: 1.1

url:http://www.securitytracker.com/id/1032761

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3725

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3725

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

sources: VULHUB: VHN-81686 // BID: 75490 // JVNDB: JVNDB-2015-003432 // CNNVD: CNNVD-201507-086 // NVD: CVE-2015-3725

CREDITS

Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from FireEye, Inc, chaithanya (SegFault) working with HP's Zero Day Initiative, WanderingGlitch of HP's Zero Day Initiative, Matt Spisak of Endgame and Brian W. Gray of Carnegie Mellon University, Craig Young from

Trust: 0.3

sources: BID: 75490

SOURCES

db: VULHUB // id: VHN-81686
db: BID // id: 75490
db: JVNDB // id: JVNDB-2015-003432
db: CNNVD // id: CNNVD-201507-086
db: NVD // id: CVE-2015-3725

LAST UPDATE DATE

2025-04-13T22:22:48.274000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-81686 // date: 2016-12-30T00:00:00
db: BID // id: 75490 // date: 2015-07-15T00:52:00
db: JVNDB // id: JVNDB-2015-003432 // date: 2015-07-09T00:00:00
db: CNNVD // id: CNNVD-201507-086 // date: 2015-07-10T00:00:00
db: NVD // id: CVE-2015-3725 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-81686 // date: 2015-07-03T00:00:00
db: BID // id: 75490 // date: 2015-06-30T00:00:00
db: JVNDB // id: JVNDB-2015-003432 // date: 2015-07-09T00:00:00
db: CNNVD // id: CNNVD-201507-086 // date: 2015-07-03T00:00:00
db: NVD // id: CVE-2015-3725 // date: 2015-07-03T02:00:16.227