Sign-up

ID

VAR-201508-0034


CVE

CVE-2015-5759


TITLE

Apple iOS Used in etc. WebKit Click forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-004222

DESCRIPTION

WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. Apple iOS Used in etc. WebKit Contains a vulnerability in which clicks are counterfeited. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to access sensitive information, perform unauthorized actions, bypass security restrictions, and perform other attacks. Versions prior to iOS 8.4.1 are vulnerable. Note: The issue described by CVE-2015-3778 has been removed. The issue is discussed in BID 83590 (Apple Mac OS X and iOS CVE-2015-3778 Information Disclosure Vulnerability). WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome

Trust: 2.07

sources: NVD: CVE-2015-5759 // JVNDB: JVNDB-2015-004222 // BID: 76337 // VULHUB: VHN-83720 // VULMON: CVE-2015-5759

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:8.4

Trust: 1.0

vendor:applemodel:iosscope:ltversion:8.4.1 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.4.1 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.4.1 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.4

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.0

Trust: 0.3

sources: BID: 76337 // JVNDB: JVNDB-2015-004222 // CNNVD: CNNVD-201508-234 // NVD: CVE-2015-5759

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5759
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5759
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-234
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83720
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-5759
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5759
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83720
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83720 // VULMON: CVE-2015-5759 // JVNDB: JVNDB-2015-004222 // CNNVD: CNNVD-201508-234 // NVD: CVE-2015-5759

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-83720 // JVNDB: JVNDB-2015-004222 // NVD: CVE-2015-5759

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-234

TYPE

Unknown

Trust: 0.3

sources: BID: 76337

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004222

PATCH
title:Apple security updatesurl:http://support.apple.com/en-us/HT1222
Trust: 0.8
title:APPLE-SA-2015-08-13-3 iOS 8.4.1url:http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
Trust: 0.8
title:HT205030url:http://support.apple.com/en-us/HT205030
Trust: 0.8
title:HT205030url:http://support.apple.com/ja-jp/HT205030
Trust: 0.8
title:osxupd10.10.5url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57197
Trust: 0.6
title:iPhone7,1_8.4.1_12H321_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57198
Trust: 0.6
title:Apple: iOS 8.4.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1e360caea44107f4b635ae5265ed4e38
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5759 // 
            
            
            
            JVNDB: JVNDB-2015-004222 // 
            
            
            
            CNNVD: CNNVD-201508-234

EXTERNAL IDS
db:NVDid:CVE-2015-5759
Trust: 2.9
db:BIDid:76337
Trust: 2.1
db:SECTRACKid:1033275
Trust: 1.2
db:JVNid:JVNVU94440136
Trust: 0.8
db:JVNDBid:JVNDB-2015-004222
Trust: 0.8
db:CNNVDid:CNNVD-201508-234
Trust: 0.7
db:VULHUBid:VHN-83720
Trust: 0.1
db:VULMONid:CVE-2015-5759
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83720 // 
            
            
            
            VULMON: CVE-2015-5759 // 
            
            
            
            BID: 76337 // 
            
            
            
            JVNDB: JVNDB-2015-004222 // 
            
            
            
            CNNVD: CNNVD-201508-234 // 
            
            
            
            NVD: CVE-2015-5759

REFERENCES
url:http://www.securityfocus.com/bid/76337
Trust: 1.9
url:https://support.apple.com/kb/ht205030
Trust: 1.9
url:http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html
Trust: 1.8
url:http://www.securitytracker.com/id/1033275
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5759
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94440136/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5759
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/254.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40486
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83720 // 
            
            
            
            VULMON: CVE-2015-5759 // 
            
            
            
            BID: 76337 // 
            
            
            
            JVNDB: JVNDB-2015-004222 // 
            
            
            
            CNNVD: CNNVD-201508-234 // 
            
            
            
            NVD: CVE-2015-5759

CREDITS
evad3rs, TaiG Jailbreak Team, Cererdlong of Alibaba Mobile Security Team, Phillip Moon and Matt Weston of Sandfield, TaiG Jailbreak Team, FireEye, Proteas of Qihoo 360 Nirvan Team, Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201508-234

SOURCES
db:VULHUBid:VHN-83720
db:VULMONid:CVE-2015-5759
db:BIDid:76337
db:JVNDBid:JVNDB-2015-004222
db:CNNVDid:CNNVD-201508-234
db:NVDid:CVE-2015-5759

LAST UPDATE DATE
2025-04-13T21:16:34.897000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83720date:2016-12-24T00:00:00
db:VULMONid:CVE-2015-5759date:2016-12-24T00:00:00
db:BIDid:76337date:2016-07-05T21:35:00
db:JVNDBid:JVNDB-2015-004222date:2015-08-20T00:00:00
db:CNNVDid:CNNVD-201508-234date:2015-08-19T00:00:00
db:NVDid:CVE-2015-5759date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83720date:2015-08-17T00:00:00
db:VULMONid:CVE-2015-5759date:2015-08-17T00:00:00
db:BIDid:76337date:2015-08-13T00:00:00
db:JVNDBid:JVNDB-2015-004222date:2015-08-20T00:00:00
db:CNNVDid:CNNVD-201508-234date:2015-08-19T00:00:00
db:NVDid:CVE-2015-5759date:2015-08-17T00:00:42.673