ID

VAR-201510-0175


CVE

CVE-2015-7012


TITLE

Arbitrary code execution vulnerability in WebKit as used in Apple iOS and other products

Trust: 0.8

sources: JVNDB: JVNDB-2015-005547

DESCRIPTION

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.

WebKit, as used in Apple iOS, Safari, iTunes and other products, is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious web page. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible.

Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; Apple TV is a high-definition television set-top box product. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit used in several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.1, Safari versions prior to 9.0.1, and iTunes versions prior to 12.3.1.

APPLE-SA-2015-10-21-5 iTunes 12.3.1

iTunes 12.3.1 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5928 : Apple
CVE-2015-5929 : Apple
CVE-2015-5930 : Apple
CVE-2015-5931
CVE-2015-7002 : Apple
CVE-2015-7011 : Apple
CVE-2015-7012 : Apple
CVE-2015-7013 : Apple
CVE-2015-7014

iTunes
Available for: Windows 7 and later
Impact: Applications that use CoreText may be vulnerable to unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team

Installation note: iTunes 12.3.1 may be obtained from: http://www.apple.com/itunes/download/

You may also update to the latest version of iTunes via Apple Software Update, which can be found in the Start menu.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.16

sources: NVD: CVE-2015-7012 // JVNDB: JVNDB-2015-005547 // BID: 77267 // VULHUB: VHN-84973 // PACKETSTORM: 134054 // PACKETSTORM: 134056

AFFECTED PRODUCTS

vendor:applemodel:itunesscope:lteversion:12.3.0

Trust: 1.0

vendor:applemodel:safariscope:lteversion:9.0

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:9.0.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:9.1 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.1 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.1 (ipod touch 5th generation or later )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.3.1 (windows 7 or later )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:9.0.1 (os x el capitan v10.11)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:9.0.1 (os x mavericks v10.9.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:9.0.1 (os x yosemite v10.10.5)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:9.0

Trust: 0.6

vendor:applemodel:itunesscope:eqversion:12.3.0

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:9.0.2

Trust: 0.6

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:esignalmodel:esignalscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.2.72

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

sources: BID: 77267 // JVNDB: JVNDB-2015-005547 // CNNVD: CNNVD-201510-553 // NVD: CVE-2015-7012

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7012
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7012
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-553
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84973
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7012
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84973
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84973 // JVNDB: JVNDB-2015-005547 // CNNVD: CNNVD-201510-553 // NVD: CVE-2015-7012

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-84973 // JVNDB: JVNDB-2015-005547 // NVD: CVE-2015-7012

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-553

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201510-553

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005547

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2015-10-21-1 iOS 9.1url:http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html

Trust: 0.8

title:APPLE-SA-2015-10-21-3 Safari 9.0.1url:http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html

Trust: 0.8

title:APPLE-SA-2015-10-21-5 iTunes 12.3.1url:http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html

Trust: 0.8

title:HT205372url:https://support.apple.com/en-us/HT205372

Trust: 0.8

title:HT205370url:https://support.apple.com/en-us/HT205370

Trust: 0.8

title:HT205377url:https://support.apple.com/en-us/HT205377

Trust: 0.8

title:HT205370url:http://support.apple.com/ja-jp/HT205370

Trust: 0.8

title:HT205377url:http://support.apple.com/ja-jp/HT205377

Trust: 0.8

title:HT205372url:http://support.apple.com/ja-jp/HT205372

Trust: 0.8

title:Multiple Apple product WebKit Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58397

Trust: 0.6

sources: JVNDB: JVNDB-2015-005547 // CNNVD: CNNVD-201510-553

EXTERNAL IDS

db:NVDid:CVE-2015-7012

Trust: 3.0

db:BIDid:77267

Trust: 1.4

db:SECTRACKid:1033929

Trust: 1.1

db:JVNid:JVNVU92655282

Trust: 0.8

db:JVNDBid:JVNDB-2015-005547

Trust: 0.8

db:CNNVDid:CNNVD-201510-553

Trust: 0.7

db:VULHUBid:VHN-84973

Trust: 0.1

db:PACKETSTORMid:134054

Trust: 0.1

db:PACKETSTORMid:134056

Trust: 0.1

sources: VULHUB: VHN-84973 // BID: 77267 // JVNDB: JVNDB-2015-005547 // PACKETSTORM: 134054 // PACKETSTORM: 134056 // CNNVD: CNNVD-201510-553 // NVD: CVE-2015-7012

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/oct/msg00004.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/oct/msg00006.html

Trust: 1.7

url:https://support.apple.com/ht205370

Trust: 1.7

url:https://support.apple.com/ht205372

Trust: 1.7

url:https://support.apple.com/ht205377

Trust: 1.7

url:http://www.securityfocus.com/bid/77267

Trust: 1.1

url:http://www.securitytracker.com/id/1033929

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7012

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92655282/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7012

Trust: 0.8

url:http://www.apple.com/safari/download/

Trust: 0.3

url:http://www.webkit.org/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7002

Trust: 0.2

url:https://support.apple.com/kb/ht201222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5929

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5930

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5931

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7013

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5928

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7012

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7014

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7011

Trust: 0.2

url:http://gpgtools.org

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6975

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7017

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6992

Trust: 0.1

url:http://www.apple.com/itunes/download/

Trust: 0.1

sources: VULHUB: VHN-84973 // BID: 77267 // JVNDB: JVNDB-2015-005547 // PACKETSTORM: 134054 // PACKETSTORM: 134056 // CNNVD: CNNVD-201510-553 // NVD: CVE-2015-7012

CREDITS

Apple

Trust: 0.5

sources: BID: 77267 // PACKETSTORM: 134054 // PACKETSTORM: 134056

SOURCES

db:VULHUBid:VHN-84973
db:BIDid:77267
db:JVNDBid:JVNDB-2015-005547
db:PACKETSTORMid:134054
db:PACKETSTORMid:134056
db:CNNVDid:CNNVD-201510-553
db:NVDid:CVE-2015-7012

LAST UPDATE DATE

2025-04-13T20:43:15.638000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-84973date:2016-12-24T00:00:00
db:BIDid:77267date:2016-02-02T20:04:00
db:JVNDBid:JVNDB-2015-005547date:2015-10-27T00:00:00
db:CNNVDid:CNNVD-201510-553date:2015-10-26T00:00:00
db:NVDid:CVE-2015-7012date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-84973date:2015-10-23T00:00:00
db:BIDid:77267date:2015-10-21T00:00:00
db:JVNDBid:JVNDB-2015-005547date:2015-10-27T00:00:00
db:PACKETSTORMid:134054date:2015-10-21T19:22:22
db:PACKETSTORMid:134056date:2015-10-21T19:33:33
db:CNNVDid:CNNVD-201510-553date:2015-10-26T00:00:00
db:NVDid:CVE-2015-7012date:2015-10-23T21:59:47.050