Sign-up

ID

VAR-201509-0092


CVE

CVE-2015-5867


TITLE

Apple iOS of IOHIDFamily Vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2015-004818

DESCRIPTION

IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 2.07

sources: NVD: CVE-2015-5867 // JVNDB: JVNDB-2015-004818 // BID: 76764 // VULHUB: VHN-83828 // VULMON: CVE-2015-5867

AFFECTED PRODUCTS

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 1.6

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004818 // CNNVD: CNNVD-201509-343 // NVD: CVE-2015-5867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5867
value: HIGH

Trust: 1.0

NVD: CVE-2015-5867
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201509-343
value: CRITICAL

Trust: 0.6

VULHUB: VHN-83828
value: HIGH

Trust: 0.1

VULMON: CVE-2015-5867
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-5867
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83828
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83828 // VULMON: CVE-2015-5867 // JVNDB: JVNDB-2015-004818 // CNNVD: CNNVD-201509-343 // NVD: CVE-2015-5867

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-83828 // JVNDB: JVNDB-2015-004818 // NVD: CVE-2015-5867

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-343

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201509-343

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004818

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
Trust: 0.8
title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Trust: 0.8
title:HT205212url:https://support.apple.com/en-us/HT205212
Trust: 0.8
title:HT205267url:https://support.apple.com/en-us/HT205267
Trust: 0.8
title:HT205267url:http://support.apple.com/ja-jp/HT205267
Trust: 0.8
title:HT205212url:http://support.apple.com/ja-jp/HT205212
Trust: 0.8
title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5867 // 
            
            
            
            JVNDB: JVNDB-2015-004818

EXTERNAL IDS
db:NVDid:CVE-2015-5867
Trust: 2.9
db:BIDid:76764
Trust: 1.5
db:SECTRACKid:1033609
Trust: 1.2
db:JVNid:JVNVU97220341
Trust: 0.8
db:JVNid:JVNVU99970459
Trust: 0.8
db:JVNDBid:JVNDB-2015-004818
Trust: 0.8
db:CNNVDid:CNNVD-201509-343
Trust: 0.7
db:VULHUBid:VHN-83828
Trust: 0.1
db:VULMONid:CVE-2015-5867
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83828 // 
            
            
            
            VULMON: CVE-2015-5867 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004818 // 
            
            
            
            CNNVD: CNNVD-201509-343 // 
            
            
            
            NVD: CVE-2015-5867

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html
Trust: 1.8
url:https://support.apple.com/ht205212
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html
Trust: 1.2
url:http://www.securityfocus.com/bid/76764
Trust: 1.2
url:https://support.apple.com/ht205267
Trust: 1.2
url:http://www.securitytracker.com/id/1033609
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5867
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99970459/index.html
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97220341/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5867
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/apple-osx-networkextension-cve-2015-5831
Trust: 0.1
url:https://support.apple.com/kb/ht205267
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83828 // 
            
            
            
            VULMON: CVE-2015-5867 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004818 // 
            
            
            
            CNNVD: CNNVD-201509-343 // 
            
            
            
            NVD: CVE-2015-5867

CREDITS
Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,
Trust: 0.3
sources:
            
            
            BID: 76764

SOURCES
db:VULHUBid:VHN-83828
db:VULMONid:CVE-2015-5867
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004818
db:CNNVDid:CNNVD-201509-343
db:NVDid:CVE-2015-5867

LAST UPDATE DATE
2025-04-13T20:07:09.174000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83828date:2016-12-22T00:00:00
db:VULMONid:CVE-2015-5867date:2016-12-22T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004818date:2015-10-06T00:00:00
db:CNNVDid:CNNVD-201509-343date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5867date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83828date:2015-09-18T00:00:00
db:VULMONid:CVE-2015-5867date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004818date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-343date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5867date:2015-09-18T12:00:12.997