Sign-up

ID

VAR-201508-0107


CVE

CVE-2015-5752


TITLE

Apple iOS Vulnerabilities that prevent access to the file system from being backed up

Trust: 0.8

sources: JVNDB: JVNDB-2015-004221

DESCRIPTION

Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to access sensitive information, perform unauthorized actions, bypass security restrictions, and perform other attacks. Versions prior to iOS 8.4.1 are vulnerable. Note: The issue described by CVE-2015-3778 has been removed. The issue is discussed in BID 83590 (Apple Mac OS X and iOS CVE-2015-3778 Information Disclosure Vulnerability). Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.98

sources: NVD: CVE-2015-5752 // JVNDB: JVNDB-2015-004221 // BID: 76337 // VULHUB: VHN-83713

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:8.4

Trust: 1.0

vendor:applemodel:iosscope:ltversion:8.4.1 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.4.1 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.4.1 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.4

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.0

Trust: 0.3

sources: BID: 76337 // JVNDB: JVNDB-2015-004221 // CNNVD: CNNVD-201508-224 // NVD: CVE-2015-5752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5752
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5752
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-224
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83713
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5752
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-83713
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83713 // JVNDB: JVNDB-2015-004221 // CNNVD: CNNVD-201508-224 // NVD: CVE-2015-5752

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.9

sources: VULHUB: VHN-83713 // JVNDB: JVNDB-2015-004221 // NVD: CVE-2015-5752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-224

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-201508-224

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004221

PATCH
title:Apple security updatesurl:http://support.apple.com/en-us/HT1222
Trust: 0.8
title:APPLE-SA-2015-08-13-3 iOS 8.4.1url:http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
Trust: 0.8
title:HT205030url:http://support.apple.com/en-us/HT205030
Trust: 0.8
title:HT205030url:http://support.apple.com/ja-jp/HT205030
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004221

EXTERNAL IDS
db:NVDid:CVE-2015-5752
Trust: 2.8
db:BIDid:76337
Trust: 2.0
db:SECTRACKid:1033275
Trust: 1.1
db:JVNid:JVNVU94440136
Trust: 0.8
db:JVNDBid:JVNDB-2015-004221
Trust: 0.8
db:CNNVDid:CNNVD-201508-224
Trust: 0.7
db:VULHUBid:VHN-83713
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83713 // 
            
            
            
            BID: 76337 // 
            
            
            
            JVNDB: JVNDB-2015-004221 // 
            
            
            
            CNNVD: CNNVD-201508-224 // 
            
            
            
            NVD: CVE-2015-5752

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html
Trust: 1.7
url:http://www.securityfocus.com/bid/76337
Trust: 1.7
url:https://support.apple.com/kb/ht205030
Trust: 1.7
url:http://www.securitytracker.com/id/1033275
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5752
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94440136/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5752
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-83713 // 
            
            
            
            BID: 76337 // 
            
            
            
            JVNDB: JVNDB-2015-004221 // 
            
            
            
            CNNVD: CNNVD-201508-224 // 
            
            
            
            NVD: CVE-2015-5752

CREDITS
evad3rs, TaiG Jailbreak Team, Cererdlong of Alibaba Mobile Security Team, Phillip Moon and Matt Weston of Sandfield, TaiG Jailbreak Team, FireEye, Proteas of Qihoo 360 Nirvan Team, Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201508-224

SOURCES
db:VULHUBid:VHN-83713
db:BIDid:76337
db:JVNDBid:JVNDB-2015-004221
db:CNNVDid:CNNVD-201508-224
db:NVDid:CVE-2015-5752

LAST UPDATE DATE
2025-04-13T22:39:07.898000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83713date:2016-12-24T00:00:00
db:BIDid:76337date:2016-07-05T21:35:00
db:JVNDBid:JVNDB-2015-004221date:2015-08-20T00:00:00
db:CNNVDid:CNNVD-201508-224date:2015-08-21T00:00:00
db:NVDid:CVE-2015-5752date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83713date:2015-08-17T00:00:00
db:BIDid:76337date:2015-08-13T00:00:00
db:JVNDBid:JVNDB-2015-004221date:2015-08-20T00:00:00
db:CNNVDid:CNNVD-201508-224date:2015-08-19T00:00:00
db:NVDid:CVE-2015-5752date:2015-08-17T00:00:32.377