Sign-up

ID

VAR-201509-0071


CVE

CVE-2015-5838


TITLE

Apple iOS of Springboard Vulnerable to disguised dialog window for arbitrary applications

Trust: 0.8

sources: JVNDB: JVNDB-2015-004809

DESCRIPTION

SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlAn attacker could impersonate a dialog window of an arbitrary application through a crafted application. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Springboard is a desktop for Apple iDevice. The vulnerability stems from the incorrect use of private API calls by the program

Trust: 1.98

sources: NVD: CVE-2015-5838 // JVNDB: JVNDB-2015-004809 // BID: 76764 // VULHUB: VHN-83799

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004809 // CNNVD: CNNVD-201509-322 // NVD: CVE-2015-5838

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5838
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5838
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-322
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83799
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5838
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-83799
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83799 // JVNDB: JVNDB-2015-004809 // CNNVD: CNNVD-201509-322 // NVD: CVE-2015-5838

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-83799 // JVNDB: JVNDB-2015-004809 // NVD: CVE-2015-5838

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-322

TYPE

Unknown

Trust: 0.3

sources: BID: 76764

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004809

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
Trust: 0.8
title:HT205212url:https://support.apple.com/en-us/HT205212
Trust: 0.8
title:HT205212url:http://support.apple.com/ja-jp/HT205212
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004809

EXTERNAL IDS
db:NVDid:CVE-2015-5838
Trust: 2.8
db:BIDid:76764
Trust: 1.4
db:SECTRACKid:1033609
Trust: 1.1
db:JVNid:JVNVU99970459
Trust: 0.8
db:JVNDBid:JVNDB-2015-004809
Trust: 0.8
db:CNNVDid:CNNVD-201509-322
Trust: 0.7
db:VULHUBid:VHN-83799
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83799 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004809 // 
            
            
            
            CNNVD: CNNVD-201509-322 // 
            
            
            
            NVD: CVE-2015-5838

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html
Trust: 1.7
url:https://support.apple.com/ht205212
Trust: 1.7
url:http://www.securityfocus.com/bid/76764
Trust: 1.1
url:http://www.securitytracker.com/id/1033609
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5838
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99970459/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5838
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-83799 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004809 // 
            
            
            
            CNNVD: CNNVD-201509-322 // 
            
            
            
            NVD: CVE-2015-5838

CREDITS
Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,
Trust: 0.3
sources:
            
            
            BID: 76764

SOURCES
db:VULHUBid:VHN-83799
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004809
db:CNNVDid:CNNVD-201509-322
db:NVDid:CVE-2015-5838

LAST UPDATE DATE
2025-04-13T22:38:02.084000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83799date:2016-12-22T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004809date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-322date:2015-09-22T00:00:00
db:NVDid:CVE-2015-5838date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83799date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004809date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-322date:2015-09-22T00:00:00
db:NVDid:CVE-2015-5838date:2015-09-18T10:59:53.080