Sign-up

ID

VAR-201509-0067


CVE

CVE-2015-5832


TITLE

Apple iOS of iTunes Store Vulnerabilities that can capture important information in components

Trust: 0.8

sources: JVNDB: JVNDB-2015-004807

DESCRIPTION

The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. The iTunes Store is one of the digital media online store components with proprietary software as the interface. The vulnerability stems from the fact that the program does not correctly delete the AppleID certificate in the key chain when the user executes the logout operation. An attacker in physical proximity could exploit this vulnerability to obtain sensitive information

Trust: 1.98

sources: NVD: CVE-2015-5832 // JVNDB: JVNDB-2015-004807 // BID: 76764 // VULHUB: VHN-83793

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004807 // CNNVD: CNNVD-201509-318 // NVD: CVE-2015-5832

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5832
value: LOW

Trust: 1.0

NVD: CVE-2015-5832
value: LOW

Trust: 0.8

CNNVD: CNNVD-201509-318
value: LOW

Trust: 0.6

VULHUB: VHN-83793
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-5832
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-83793
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83793 // JVNDB: JVNDB-2015-004807 // CNNVD: CNNVD-201509-318 // NVD: CVE-2015-5832

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-83793 // JVNDB: JVNDB-2015-004807 // NVD: CVE-2015-5832

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201509-318

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201509-318

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004807

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
Trust: 0.8
title:HT205212url:https://support.apple.com/en-us/HT205212
Trust: 0.8
title:HT205212url:http://support.apple.com/ja-jp/HT205212
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004807

EXTERNAL IDS
db:NVDid:CVE-2015-5832
Trust: 2.8
db:BIDid:76764
Trust: 1.4
db:SECTRACKid:1033609
Trust: 1.1
db:JVNid:JVNVU99970459
Trust: 0.8
db:JVNDBid:JVNDB-2015-004807
Trust: 0.8
db:CNNVDid:CNNVD-201509-318
Trust: 0.7
db:VULHUBid:VHN-83793
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83793 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004807 // 
            
            
            
            CNNVD: CNNVD-201509-318 // 
            
            
            
            NVD: CVE-2015-5832

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html
Trust: 1.7
url:https://support.apple.com/ht205212
Trust: 1.7
url:http://www.securityfocus.com/bid/76764
Trust: 1.1
url:http://www.securitytracker.com/id/1033609
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5832
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99970459/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5832
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-83793 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004807 // 
            
            
            
            CNNVD: CNNVD-201509-318 // 
            
            
            
            NVD: CVE-2015-5832

CREDITS
Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,
Trust: 0.3
sources:
            
            
            BID: 76764

SOURCES
db:VULHUBid:VHN-83793
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004807
db:CNNVDid:CNNVD-201509-318
db:NVDid:CVE-2015-5832

LAST UPDATE DATE
2025-04-13T21:30:38.155000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83793date:2016-12-22T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004807date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-318date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5832date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83793date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004807date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-318date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5832date:2015-09-18T10:59:49.237