Sign-up

ID

VAR-201510-0164


CVE

CVE-2015-7000


TITLE

Apple iOS Vulnerability in which important information is obtained in the notification center

Trust: 0.8

sources: JVNDB: JVNDB-2015-005532

DESCRIPTION

Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial-of-service condition; this may aid in launching further attacks. Versions prior to iOS 9.1 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Notification Center is one of the components that displays system notifications

Trust: 1.98

sources: NVD: CVE-2015-7000 // JVNDB: JVNDB-2015-005532 // BID: 77268 // VULHUB: VHN-84961

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:9.0.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:9.1 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.1 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.1 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:9.0.2

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

sources: BID: 77268 // JVNDB: JVNDB-2015-005532 // CNNVD: CNNVD-201510-501 // NVD: CVE-2015-7000

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7000
value: LOW

Trust: 1.0

NVD: CVE-2015-7000
value: LOW

Trust: 0.8

CNNVD: CNNVD-201510-501
value: LOW

Trust: 0.6

VULHUB: VHN-84961
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-7000
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84961
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84961 // JVNDB: JVNDB-2015-005532 // CNNVD: CNNVD-201510-501 // NVD: CVE-2015-7000

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-84961 // JVNDB: JVNDB-2015-005532 // NVD: CVE-2015-7000

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-501

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-501

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005532

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-10-21-1 iOS 9.1url:http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html
Trust: 0.8
title:HT205370url:https://support.apple.com/en-us/HT205370
Trust: 0.8
title:HT205370url:http://support.apple.com/ja-jp/HT205370
Trust: 0.8
title:Apple iOS Notification Center Fixes for component information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58345
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-005532 // 
            
            
            
            CNNVD: CNNVD-201510-501

EXTERNAL IDS
db:NVDid:CVE-2015-7000
Trust: 2.8
db:BIDid:77268
Trust: 1.4
db:SECTRACKid:1033929
Trust: 1.1
db:JVNid:JVNVU92655282
Trust: 0.8
db:JVNDBid:JVNDB-2015-005532
Trust: 0.8
db:CNNVDid:CNNVD-201510-501
Trust: 0.7
db:VULHUBid:VHN-84961
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84961 // 
            
            
            
            BID: 77268 // 
            
            
            
            JVNDB: JVNDB-2015-005532 // 
            
            
            
            CNNVD: CNNVD-201510-501 // 
            
            
            
            NVD: CVE-2015-7000

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html
Trust: 1.7
url:https://support.apple.com/ht205370
Trust: 1.7
url:http://www.securityfocus.com/bid/77268
Trust: 1.1
url:http://www.securitytracker.com/id/1033929
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7000
Trust: 0.8
url:http://jvn.jp/vu/jvnvu92655282/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7000
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84961 // 
            
            
            
            BID: 77268 // 
            
            
            
            JVNDB: JVNDB-2015-005532 // 
            
            
            
            CNNVD: CNNVD-201510-501 // 
            
            
            
            NVD: CVE-2015-7000

CREDITS
PanguTeam, Proteas of Qihoo 360 Nirvan Team, Sergi Alvarez (pancake) of NowSecure Research Team, William Redwood of Hampton School and Andreas Kurtz of NESO Security Labs.
Trust: 0.3
sources:
            
            
            BID: 77268

SOURCES
db:VULHUBid:VHN-84961
db:BIDid:77268
db:JVNDBid:JVNDB-2015-005532
db:CNNVDid:CNNVD-201510-501
db:NVDid:CVE-2015-7000

LAST UPDATE DATE
2025-04-13T21:49:09.986000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84961date:2016-12-24T00:00:00
db:BIDid:77268date:2016-01-12T01:57:00
db:JVNDBid:JVNDB-2015-005532date:2015-10-26T00:00:00
db:CNNVDid:CNNVD-201510-501date:2015-10-26T00:00:00
db:NVDid:CVE-2015-7000date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-84961date:2015-10-23T00:00:00
db:BIDid:77268date:2015-10-21T00:00:00
db:JVNDBid:JVNDB-2015-005532date:2015-10-26T00:00:00
db:CNNVDid:CNNVD-201510-501date:2015-10-26T00:00:00
db:NVDid:CVE-2015-7000date:2015-10-23T10:59:09.553