Details of VAR-201509-0077

ID

VAR-201509-0077

CVE

CVE-2015-5844

TITLE

Apple iOS Of the kernel IOKit Vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2015-004741

DESCRIPTION

IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 1.98

sources: NVD: CVE-2015-5844 // JVNDB: JVNDB-2015-004741 // BID: 76764 // VULHUB: VHN-83805

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 1.6
vendor:	apple	model:	iphone os	scope:	lte	version:	8.4.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2 (apple watch edition)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2 (apple watch sport)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2 (apple watch)	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.4.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004741 // CNNVD: CNNVD-201509-328 // NVD: CVE-2015-5844

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5844
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-5844
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201509-328
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-83805
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-5844
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-83805
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83805 // JVNDB: JVNDB-2015-004741 // CNNVD: CNNVD-201509-328 // NVD: CVE-2015-5844

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-83805 // JVNDB: JVNDB-2015-004741 // NVD: CVE-2015-5844

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-328

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201509-328

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004741

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-21-1 watchOS 2	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html	Trust: 0.8
title:	APPLE-SA-2015-09-16-1 iOS 9	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html	Trust: 0.8
title:	HT205212	url:	https://support.apple.com/en-us/HT205212	Trust: 0.8
title:	HT205213	url:	https://support.apple.com/en-us/HT205213	Trust: 0.8
title:	HT205212	url:	http://support.apple.com/ja-jp/HT205212	Trust: 0.8
title:	HT205213	url:	http://support.apple.com/ja-jp/HT205213	Trust: 0.8
title:	iTunes6464Setup	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57671	Trust: 0.6
title:	iPhone7,1_9.0_13A344_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57670	Trust: 0.6

sources: JVNDB: JVNDB-2015-004741 // CNNVD: CNNVD-201509-328

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5844	Trust: 2.8
db:	BID	id:	76764	Trust: 1.4
db:	SECTRACK	id:	1033609	Trust: 1.1
db:	JVN	id:	JVNVU99970459	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004741	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-328	Trust: 0.7
db:	VULHUB	id:	VHN-83805	Trust: 0.1

sources: VULHUB: VHN-83805 // BID: 76764 // JVNDB: JVNDB-2015-004741 // CNNVD: CNNVD-201509-328 // NVD: CVE-2015-5844

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html	Trust: 1.7
url:	https://support.apple.com/ht205212	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00005.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/76764	Trust: 1.1
url:	https://support.apple.com/ht205213	Trust: 1.1
url:	http://www.securitytracker.com/id/1033609	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5844	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99970459/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5844	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-83805 // BID: 76764 // JVNDB: JVNDB-2015-004741 // CNNVD: CNNVD-201509-328 // NVD: CVE-2015-5844

CREDITS

Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,

Trust: 0.3

sources: BID: 76764

SOURCES

db:	VULHUB	id:	VHN-83805
db:	BID	id:	76764
db:	JVNDB	id:	JVNDB-2015-004741
db:	CNNVD	id:	CNNVD-201509-328
db:	NVD	id:	CVE-2015-5844

LAST UPDATE DATE

2025-04-13T22:22:49.686000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83805	date:	2016-12-22T00:00:00
db:	BID	id:	76764	date:	2015-11-03T19:44:00
db:	JVNDB	id:	JVNDB-2015-004741	date:	2015-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201509-328	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-5844	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83805	date:	2015-09-18T00:00:00
db:	BID	id:	76764	date:	2015-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004741	date:	2015-09-24T00:00:00
db:	CNNVD	id:	CNNVD-201509-328	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-5844	date:	2015-09-18T10:59:58.407