ID

VAR-201509-0091


CVE

CVE-2015-5863


TITLE

Apple iOS of IOStorageFamily Vulnerabilities in which important information is obtained from kernel memory

Trust: 0.8

sources: JVNDB: JVNDB-2015-004747

DESCRIPTION

IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 2.07

sources: NVD: CVE-2015-5863 // JVNDB: JVNDB-2015-004747 // BID: 76764 // VULHUB: VHN-83824 // VULMON: CVE-2015-5863

AFFECTED PRODUCTS

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 1.6

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004747 // CNNVD: CNNVD-201509-342 // NVD: CVE-2015-5863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5863
value: LOW

Trust: 1.0

NVD: CVE-2015-5863
value: LOW

Trust: 0.8

CNNVD: CNNVD-201509-342
value: LOW

Trust: 0.6

VULHUB: VHN-83824
value: LOW

Trust: 0.1

VULMON: CVE-2015-5863
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-5863
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83824
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83824 // VULMON: CVE-2015-5863 // JVNDB: JVNDB-2015-004747 // CNNVD: CNNVD-201509-342 // NVD: CVE-2015-5863

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-83824 // JVNDB: JVNDB-2015-004747 // NVD: CVE-2015-5863

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201509-342

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201509-342

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004747

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2015-09-21-1 watchOS 2url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

Trust: 0.8

title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Trust: 0.8

title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

Trust: 0.8

title:HT205267url:https://support.apple.com/en-us/HT205267

Trust: 0.8

title:HT205212url:https://support.apple.com/en-us/HT205212

Trust: 0.8

title:HT205213url:https://support.apple.com/en-us/HT205213

Trust: 0.8

title:HT205267url:http://support.apple.com/ja-jp/HT205267

Trust: 0.8

title:HT205212url:http://support.apple.com/ja-jp/HT205212

Trust: 0.8

title:HT205213url:http://support.apple.com/ja-jp/HT205213

Trust: 0.8

title:iTunes6464Setupurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57671

Trust: 0.6

title:iPhone7,1_9.0_13A344_Restoreurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57670

Trust: 0.6

title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7

Trust: 0.1

sources: VULMON: CVE-2015-5863 // JVNDB: JVNDB-2015-004747 // CNNVD: CNNVD-201509-342

EXTERNAL IDS

db:NVDid:CVE-2015-5863

Trust: 2.9

db:BIDid:76764

Trust: 1.5

db:SECTRACKid:1033609

Trust: 1.2

db:JVNid:JVNVU97220341

Trust: 0.8

db:JVNid:JVNVU99970459

Trust: 0.8

db:JVNDBid:JVNDB-2015-004747

Trust: 0.8

db:CNNVDid:CNNVD-201509-342

Trust: 0.7

db:VULHUBid:VHN-83824

Trust: 0.1

db:VULMONid:CVE-2015-5863

Trust: 0.1

sources: VULHUB: VHN-83824 // VULMON: CVE-2015-5863 // BID: 76764 // JVNDB: JVNDB-2015-004747 // CNNVD: CNNVD-201509-342 // NVD: CVE-2015-5863

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html

Trust: 1.8

url:https://support.apple.com/ht205212

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00005.html

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html

Trust: 1.2

url:http://www.securityfocus.com/bid/76764

Trust: 1.2

url:https://support.apple.com/ht205213

Trust: 1.2

url:https://support.apple.com/ht205267

Trust: 1.2

url:http://www.securitytracker.com/id/1033609

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5863

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99970459/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5863

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/apple-osx-networkextension-cve-2015-5831

Trust: 0.1

url:https://support.apple.com/kb/ht205267

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307

Trust: 0.1

sources: VULHUB: VHN-83824 // VULMON: CVE-2015-5863 // BID: 76764 // JVNDB: JVNDB-2015-004747 // CNNVD: CNNVD-201509-342 // NVD: CVE-2015-5863

CREDITS

Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,

Trust: 0.3

sources: BID: 76764

SOURCES

db:VULHUBid:VHN-83824
db:VULMONid:CVE-2015-5863
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004747
db:CNNVDid:CNNVD-201509-342
db:NVDid:CVE-2015-5863

LAST UPDATE DATE

2025-04-13T22:52:41.181000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-83824date:2016-12-22T00:00:00
db:VULMONid:CVE-2015-5863date:2016-12-22T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004747date:2015-10-06T00:00:00
db:CNNVDid:CNNVD-201509-342date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5863date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-83824date:2015-09-18T00:00:00
db:VULMONid:CVE-2015-5863date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004747date:2015-09-24T00:00:00
db:CNNVDid:CNNVD-201509-342date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5863date:2015-09-18T12:00:11.967