Sign-up

ID

VAR-201511-0014


CVE

CVE-2015-5787


TITLE

Apple iOS Vulnerability that could circumvent background execution restrictions in some kernels

Trust: 0.8

sources: JVNDB: JVNDB-2015-005998

DESCRIPTION

The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is fixed in iOS 8.4.1. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Kernel is one of the kernel components. The vulnerability stems from the fact that the program does not properly limit the debugging function

Trust: 1.98

sources: NVD: CVE-2015-5787 // JVNDB: JVNDB-2015-005998 // BID: 77704 // VULHUB: VHN-83748

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:8.4

Trust: 1.0

vendor:applemodel:iosscope:ltversion:8.4.1 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.4.1 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.4.1 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.4

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:8.4.1

Trust: 0.3

sources: BID: 77704 // JVNDB: JVNDB-2015-005998 // CNNVD: CNNVD-201511-388 // NVD: CVE-2015-5787

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5787
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5787
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201511-388
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83748
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5787
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-83748
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83748 // JVNDB: JVNDB-2015-005998 // CNNVD: CNNVD-201511-388 // NVD: CVE-2015-5787

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-83748 // JVNDB: JVNDB-2015-005998 // NVD: CVE-2015-5787

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-388

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201511-388

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005998

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-08-13-3 iOS 8.4.1url:http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
Trust: 0.8
title:HT205030url:https://support.apple.com/en-us/HT205030
Trust: 0.8
title:HT205030url:http://support.apple.com/ja-jp/HT205030
Trust: 0.8
title:Apple iOS kernel Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58837
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-005998 // 
            
            
            
            CNNVD: CNNVD-201511-388

EXTERNAL IDS
db:NVDid:CVE-2015-5787
Trust: 2.8
db:JVNid:JVNVU94440136
Trust: 0.8
db:JVNDBid:JVNDB-2015-005998
Trust: 0.8
db:CNNVDid:CNNVD-201511-388
Trust: 0.7
db:BIDid:77704
Trust: 0.4
db:VULHUBid:VHN-83748
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83748 // 
            
            
            
            BID: 77704 // 
            
            
            
            JVNDB: JVNDB-2015-005998 // 
            
            
            
            CNNVD: CNNVD-201511-388 // 
            
            
            
            NVD: CVE-2015-5787

REFERENCES
url:https://support.apple.com/kb/ht205030
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5787
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94440136/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5787
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
url:https://support.apple.com/en-us/ht205030
Trust: 0.3
sources:
            
            
            VULHUB: VHN-83748 // 
            
            
            
            BID: 77704 // 
            
            
            
            JVNDB: JVNDB-2015-005998 // 
            
            
            
            CNNVD: CNNVD-201511-388 // 
            
            
            
            NVD: CVE-2015-5787

CREDITS
Alessandro Reina, Mattia Pagnozzi and Stefano Bianchi Mazzone of FireEye
Trust: 0.3
sources:
            
            
            BID: 77704

SOURCES
db:VULHUBid:VHN-83748
db:BIDid:77704
db:JVNDBid:JVNDB-2015-005998
db:CNNVDid:CNNVD-201511-388
db:NVDid:CVE-2015-5787

LAST UPDATE DATE
2025-04-12T20:42:45.361000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83748date:2015-11-23T00:00:00
db:BIDid:77704date:2015-11-23T00:00:00
db:JVNDBid:JVNDB-2015-005998date:2015-11-24T00:00:00
db:CNNVDid:CNNVD-201511-388date:2015-11-27T00:00:00
db:NVDid:CVE-2015-5787date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83748date:2015-11-22T00:00:00
db:BIDid:77704date:2015-11-23T00:00:00
db:JVNDBid:JVNDB-2015-005998date:2015-11-24T00:00:00
db:CNNVDid:CNNVD-201511-388date:2015-11-23T00:00:00
db:NVDid:CVE-2015-5787date:2015-11-22T03:59:00.107