Details of VAR-201512-0114

ID

VAR-201512-0114

CVE

CVE-2015-7080

TITLE

Apple iOS of Siri Vulnerability bypasses client-side protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2015-006359

DESCRIPTION

Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. Apple iOS is an operating system developed by Apple for mobile phones and the like. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, execute arbitrary code, spoof the source URI of a site presented to an unsuspecting user. Failed exploit attempts may cause a denial-of-service condition. Versions prior to iOS 9.2 are vulnerable. Siri is one of the voice control components

Trust: 2.52

sources: NVD: CVE-2015-7080 // JVNDB: JVNDB-2015-006359 // CNVD: CNVD-2015-08183 // BID: 78724 // VULHUB: VHN-85041

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-08183

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	9.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (ipod touch no. 5 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	9.2	Trust: 0.3

sources: CNVD: CNVD-2015-08183 // BID: 78724 // JVNDB: JVNDB-2015-006359 // CNNVD: CNNVD-201512-368 // NVD: CVE-2015-7080

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7080
value:	LOW
Trust: 1.0
NVD:	CVE-2015-7080
value:	LOW
Trust: 0.8
CNVD:	CNVD-2015-08183
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201512-368
value:	LOW
Trust: 0.6
VULHUB:	VHN-85041
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-7080
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-08183
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-85041
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-08183 // VULHUB: VHN-85041 // JVNDB: JVNDB-2015-006359 // CNNVD: CNNVD-201512-368 // NVD: CVE-2015-7080

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-85041 // JVNDB: JVNDB-2015-006359 // NVD: CVE-2015-7080

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201512-368

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-368

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006359

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-12-08-1 iOS 9.2	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Trust: 0.8
title:	HT205635	url:	https://support.apple.com/en-us/HT205635	Trust: 0.8
title:	HT205635	url:	http://support.apple.com/ja-jp/HT205635	Trust: 0.8
title:	Patch for Apple iOS siri security bypass vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/68310	Trust: 0.6
title:	Apple iOS Siri Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59186	Trust: 0.6

sources: CNVD: CNVD-2015-08183 // JVNDB: JVNDB-2015-006359 // CNNVD: CNNVD-201512-368

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7080	Trust: 3.4
db:	SECTRACK	id:	1034348	Trust: 1.1
db:	JVN	id:	JVNVU97526033	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006359	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-368	Trust: 0.7
db:	CNVD	id:	CNVD-2015-08183	Trust: 0.6
db:	BID	id:	78724	Trust: 0.3
db:	VULHUB	id:	VHN-85041	Trust: 0.1

sources: CNVD: CNVD-2015-08183 // VULHUB: VHN-85041 // BID: 78724 // JVNDB: JVNDB-2015-006359 // CNNVD: CNNVD-201512-368 // NVD: CVE-2015-7080

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00000.html	Trust: 1.7
url:	https://support.apple.com/ht205635	Trust: 1.7
url:	http://www.securitytracker.com/id/1034348	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7080	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97526033/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7080	Trust: 0.8
url:	https://support.apple.com/en-us/ht205635	Trust: 0.6
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: CNVD: CNVD-2015-08183 // VULHUB: VHN-85041 // BID: 78724 // JVNDB: JVNDB-2015-006359 // CNNVD: CNNVD-201512-368 // NVD: CVE-2015-7080

CREDITS

Or Safran, Luca Todesco, PanguTeam and xisigr of Tencent's Xuanwu LAB

Trust: 0.3

sources: BID: 78724

SOURCES

db:	CNVD	id:	CNVD-2015-08183
db:	VULHUB	id:	VHN-85041
db:	BID	id:	78724
db:	JVNDB	id:	JVNDB-2015-006359
db:	CNNVD	id:	CNNVD-201512-368
db:	NVD	id:	CVE-2015-7080

LAST UPDATE DATE

2025-04-13T22:40:47.586000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-08183	date:	2015-12-15T00:00:00
db:	VULHUB	id:	VHN-85041	date:	2016-12-07T00:00:00
db:	BID	id:	78724	date:	2015-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-006359	date:	2015-12-15T00:00:00
db:	CNNVD	id:	CNNVD-201512-368	date:	2015-12-14T00:00:00
db:	NVD	id:	CVE-2015-7080	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-08183	date:	2015-12-15T00:00:00
db:	VULHUB	id:	VHN-85041	date:	2015-12-11T00:00:00
db:	BID	id:	78724	date:	2015-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-006359	date:	2015-12-15T00:00:00
db:	CNNVD	id:	CNNVD-201512-368	date:	2015-12-14T00:00:00
db:	NVD	id:	CVE-2015-7080	date:	2015-12-11T11:59:45.673