Sign-up

ID

VAR-201509-0034


CVE

CVE-2015-5880


TITLE

Apple iOS of CoreAnimation In IOSurface Vulnerabilities that circumvent the restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2015-004820

DESCRIPTION

CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. CoreAnimation is one of the animation processing API components

Trust: 1.98

sources: NVD: CVE-2015-5880 // JVNDB: JVNDB-2015-004820 // BID: 76764 // VULHUB: VHN-83841

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004820 // CNNVD: CNNVD-201509-349 // NVD: CVE-2015-5880

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5880
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5880
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-349
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83841
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5880
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-83841
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83841 // JVNDB: JVNDB-2015-004820 // CNNVD: CNNVD-201509-349 // NVD: CVE-2015-5880

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-83841 // JVNDB: JVNDB-2015-004820 // NVD: CVE-2015-5880

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-349

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201509-349

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004820

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
Trust: 0.8
title:HT205212url:https://support.apple.com/en-us/HT205212
Trust: 0.8
title:HT205212url:http://support.apple.com/ja-jp/HT205212
Trust: 0.8
title:iTunes6464Setupurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57671
Trust: 0.6
title:iPhone7,1_9.0_13A344_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57670
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-004820 // 
            
            
            
            CNNVD: CNNVD-201509-349

EXTERNAL IDS
db:NVDid:CVE-2015-5880
Trust: 2.8
db:BIDid:76764
Trust: 1.4
db:SECTRACKid:1033609
Trust: 1.1
db:JVNid:JVNVU99970459
Trust: 0.8
db:JVNDBid:JVNDB-2015-004820
Trust: 0.8
db:CNNVDid:CNNVD-201509-349
Trust: 0.7
db:VULHUBid:VHN-83841
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83841 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004820 // 
            
            
            
            CNNVD: CNNVD-201509-349 // 
            
            
            
            NVD: CVE-2015-5880

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html
Trust: 1.7
url:https://support.apple.com/ht205212
Trust: 1.7
url:http://www.securityfocus.com/bid/76764
Trust: 1.1
url:http://www.securitytracker.com/id/1033609
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5880
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99970459/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5880
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-83841 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004820 // 
            
            
            
            CNNVD: CNNVD-201509-349 // 
            
            
            
            NVD: CVE-2015-5880

CREDITS
Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,
Trust: 0.3
sources:
            
            
            BID: 76764

SOURCES
db:VULHUBid:VHN-83841
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004820
db:CNNVDid:CNNVD-201509-349
db:NVDid:CVE-2015-5880

LAST UPDATE DATE
2025-04-13T21:50:22.586000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83841date:2016-12-22T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004820date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-349date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5880date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83841date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004820date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-349date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5880date:2015-09-18T12:00:19.857