Details of VAR-201508-0104

ID

VAR-201508-0104

CVE

CVE-2015-5749

TITLE

Apple iOS of Sandbox_profiles Vulnerabilities in components that bypass third-party application sandbox protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2015-004220

DESCRIPTION

The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to access sensitive information, perform unauthorized actions, bypass security restrictions, and perform other attacks. Versions prior to iOS 8.4.1 are vulnerable. Note: The issue described by CVE-2015-3778 has been removed. The issue is discussed in BID 83590 (Apple Mac OS X and iOS CVE-2015-3778 Information Disclosure Vulnerability). Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Sandbox Profiles is one of the Sandbox (Sandbox) components

Trust: 2.07

sources: NVD: CVE-2015-5749 // JVNDB: JVNDB-2015-004220 // BID: 76337 // VULHUB: VHN-83710 // VULMON: CVE-2015-5749

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.4	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.4.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.4	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.4	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 76337 // JVNDB: JVNDB-2015-004220 // CNNVD: CNNVD-201508-232 // NVD: CVE-2015-5749

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5749
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-5749
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201508-232
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-83710
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-5749
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-5749
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83710
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83710 // VULMON: CVE-2015-5749 // JVNDB: JVNDB-2015-004220 // CNNVD: CNNVD-201508-232 // NVD: CVE-2015-5749

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-83710 // JVNDB: JVNDB-2015-004220 // NVD: CVE-2015-5749

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-232

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201508-232

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004220

PATCH

title:	Apple security updates	url:	http://support.apple.com/en-us/HT1222	Trust: 0.8
title:	APPLE-SA-2015-08-13-3 iOS 8.4.1	url:	http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html	Trust: 0.8
title:	HT205030	url:	http://support.apple.com/en-us/HT205030	Trust: 0.8
title:	HT205030	url:	http://support.apple.com/ja-jp/HT205030	Trust: 0.8
title:	osxupd10.10.5	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57197	Trust: 0.6
title:	iPhone7,1_8.4.1_12H321_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57198	Trust: 0.6
title:	Apple: Apple TV 7.2.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=7fd0c8e5493266a37a14d1b8b5c5ece7	Trust: 0.1
title:	Apple: iOS 8.4.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1e360caea44107f4b635ae5265ed4e38	Trust: 0.1

sources: VULMON: CVE-2015-5749 // JVNDB: JVNDB-2015-004220 // CNNVD: CNNVD-201508-232

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5749	Trust: 2.9
db:	BID	id:	76337	Trust: 2.1
db:	SECTRACK	id:	1033275	Trust: 1.2
db:	JVN	id:	JVNVU94440136	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004220	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-232	Trust: 0.7
db:	VULHUB	id:	VHN-83710	Trust: 0.1
db:	VULMON	id:	CVE-2015-5749	Trust: 0.1

sources: VULHUB: VHN-83710 // VULMON: CVE-2015-5749 // BID: 76337 // JVNDB: JVNDB-2015-004220 // CNNVD: CNNVD-201508-232 // NVD: CVE-2015-5749

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/76337	Trust: 1.8
url:	https://support.apple.com/kb/ht205030	Trust: 1.8
url:	http://www.securitytracker.com/id/1033275	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5749	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94440136/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5749	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-ios-cve-2015-3763	Trust: 0.1
url:	https://support.apple.com/kb/ht205795	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40486	Trust: 0.1

sources: VULHUB: VHN-83710 // VULMON: CVE-2015-5749 // BID: 76337 // JVNDB: JVNDB-2015-004220 // CNNVD: CNNVD-201508-232 // NVD: CVE-2015-5749

CREDITS

evad3rs, TaiG Jailbreak Team, Cererdlong of Alibaba Mobile Security Team, Phillip Moon and Matt Weston of Sandfield, TaiG Jailbreak Team, FireEye, Proteas of Qihoo 360 Nirvan Team, Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the

Trust: 0.6

sources: CNNVD: CNNVD-201508-232

SOURCES

db:	VULHUB	id:	VHN-83710
db:	VULMON	id:	CVE-2015-5749
db:	BID	id:	76337
db:	JVNDB	id:	JVNDB-2015-004220
db:	CNNVD	id:	CNNVD-201508-232
db:	NVD	id:	CVE-2015-5749

LAST UPDATE DATE

2025-04-13T20:37:16.310000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83710	date:	2016-12-24T00:00:00
db:	VULMON	id:	CVE-2015-5749	date:	2016-12-24T00:00:00
db:	BID	id:	76337	date:	2016-07-05T21:35:00
db:	JVNDB	id:	JVNDB-2015-004220	date:	2015-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201508-232	date:	2015-08-21T00:00:00
db:	NVD	id:	CVE-2015-5749	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83710	date:	2015-08-17T00:00:00
db:	VULMON	id:	CVE-2015-5749	date:	2015-08-17T00:00:00
db:	BID	id:	76337	date:	2015-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-004220	date:	2015-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201508-232	date:	2015-08-19T00:00:00
db:	NVD	id:	CVE-2015-5749	date:	2015-08-17T00:00:28.657