Details of VAR-201512-0123

ID

VAR-201512-0123

CVE

CVE-2015-7097

TITLE

Apple iOS Used in etc. WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-006328

DESCRIPTION

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103. Apple iOS , Safari ,and tvOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious web page. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit of several Apple products. The following products and versions are affected: Apple iOS 9.1 and earlier, Safari 9.0.1 and earlier, tvOS 9.0 and earlier. CVE-ID CVE-2015-7050 : Luke Li and Jonathan Metzman -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWa0HxAAoJEBcWfLTuOo7tL3sP/3IMYdGz6mTS98t6/aMJx8Ew okyR8nBT2M3ALNVxTJeVxRbHc11f75x9DVJMV4Q291MRqeX3b7wHBcvoizmOM66c bWNIqRdIYVub+WWwljBuzdsPIT0d9NlY8Htz9dbwtWmTPACYNKYr9ZUO1T9ntSer WCEBRql2VlpOpr12FfpRc2I52BisIF1pVm24QmsVfgJM156lWxFAjC+i6ESOeBnd waL4T5aw7+mZuoIbUSQvVsjEo2ay5wglAvPhYDlwpEMEY+w0U0E077qr/6LiLf9B MtxIz6i/rtPD4Ak+rKLdAbAGah0nWvVPomo4KI+xS+kxlmxEQY2Q7dUzDpCmviho ZMEgjoEFAouUa+mQC0w+CSxMyO5MS5ZDoZo14DHfkB978DDBjW88xAky4Row5gjX 97ZJ/+933eYqrcNLjc74CNoTDHw22YQ9bys05qJ2FovoTu0s+qsVWhx5tEehxJLr RTvBfc/49JNTracvb/uK7ShbUc9u6qj9g5tHCgLqU6KwFj/vafF5d/lQph4gz6NQ 2xAxKCQjzS6Hqalj0xjmw51b2rxZXjXW2Q4itRa+BVbG8Eb8Frp5yzj5h/m/pS5/ 5/yMR9vYDYXN8psVrSSPhFtpCz0jloeAWsSJk5nM+ReH4sUwRyS3dV7ONfyDxtvo jIfn9cPnOmCwLLCZl2E9 =eKwE -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-12-08-5 Safari 9.0.2 Safari 9.0.2 is now available and addresses the following: WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7048 : Apple CVE-2015-7095 : Apple CVE-2015-7096 : Apple CVE-2015-7097 : Apple CVE-2015-7098 : Apple CVE-2015-7099 : Apple CVE-2015-7100 : Apple CVE-2015-7101 : Apple CVE-2015-7102 : Apple CVE-2015-7103 : Apple CVE-2015-7104 : Apple WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan 10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: An insufficient input validation issue existed in content blocking. This issue was addressed through improved content extension parsing. CVE-ID CVE-2015-7050 : Luke Li and Jonathan Metzman Installation note: Safari 9.0.2 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWZzRXAAoJEBcWfLTuOo7tp/kP/1QG495DAo4BKcJwr5oHxeK+ V0cld44Ot1F9+m8Pd2Il5kkE2mxEGnvOdtEQM0mOT80qfdTVi9zD4ypnFWkBcob1 tV0hEa7/LxMe1OtDMeeNM+qW22Ap6RO8o7v6mCzdn72ds0xSmiPFGuQ1RiRflKRj MjU+k61a3oEe2/rkvbBfuDSIm+4yZo1PjTDI02UoD5JC2nJ0Dlk6978hF6lLSrCv 28UR0i6NijI3Wa2Uq3gSA+qY9bo02sC1XOEveTfftLUfl1QOID0VZGHHnrao4mfx LpxYJR2XJpTvNs1x3lCOcTYWJr4Ju99/ZFkHneAj2OQEvOhP/CHuqUmUglHW9UMW CwQKAVZD242e6qPUu0xaW/nH4dQHbridWPWR3MfwiFj6Vbzc3Wpc+tx7LGdlFuhG 9/goo4MMI7QFdxFXD3bbcOhYRi6DbqJUSxTvWfpC2sssFmZ/N5kmr0w2ccXMUAGc Ez2M8Wm+gVYlCeBMS3rtPkxVcayzHZnxhj+3Fa7Qh3FAY9NdnJ/UA6xJdPrQvTpd DJsQUIK9Ung2c1D3kGGN6QgnUCgL3CtZ7RCSgPD8Zqs4q6Zhuwq6uquC3EDIZO2y HgMF1dRKihaXV5URz9IXfQAHQvbR1PD5e/KuL32bEtXwE0Oxocp1jTrIeIrW71JZ 2qcwUzBx5TzaQfLl+Rk1 =7iMd -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2015-7097 // JVNDB: JVNDB-2015-006328 // BID: 78720 // VULHUB: VHN-85058 // PACKETSTORM: 134792 // PACKETSTORM: 134746

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lte	version:	9.0.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lte	version:	9.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	9.0.1	Trust: 0.9
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.0.2 (os x el capitan v10.11 and v10.11.1)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.0.2 (os x mavericks v10.9.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.0.2 (os x yosemite v10.10.5)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	9.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	9.0	Trust: 0.6
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.4.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.0.80	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.2.20	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1.10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.4.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.31	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	ne	version:	12.3.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1.4	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.6.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.2	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	esignal	model:	esignal	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.2	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.7.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	ne	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.8.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.6.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.34	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.7.4	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.4.6	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2.12	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1.42	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.4.7	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.6.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.7.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	9.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.52	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.6.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4419.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.31	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.28	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.4.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	ne	version:	2.10	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.4.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.33	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.0.163	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.30	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.4.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.6.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.8.4	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	the	model:	webkitgtk+ team webkitgtk+	scope:	eq	version:	2.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3

sources: BID: 78720 // JVNDB: JVNDB-2015-006328 // CNNVD: CNNVD-201512-377 // NVD: CVE-2015-7097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7097
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7097
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201512-377
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-85058
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7097
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-85058
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-85058 // JVNDB: JVNDB-2015-006328 // CNNVD: CNNVD-201512-377 // NVD: CVE-2015-7097

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-85058 // JVNDB: JVNDB-2015-006328 // NVD: CVE-2015-7097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-377

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201512-377

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006328

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-12-08-1 iOS 9.2	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Trust: 0.8
title:	APPLE-SA-2015-12-08-2 tvOS 9.1	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html	Trust: 0.8
title:	APPLE-SA-2015-12-08-5 Safari 9.0.2	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html	Trust: 0.8
title:	HT205635	url:	https://support.apple.com/en-us/HT205635	Trust: 0.8
title:	HT205640	url:	https://support.apple.com/en-us/HT205640	Trust: 0.8
title:	HT205639	url:	https://support.apple.com/en-us/HT205639	Trust: 0.8
title:	HT205639	url:	http://support.apple.com/ja-jp/HT205639	Trust: 0.8
title:	HT205635	url:	http://support.apple.com/ja-jp/HT205635	Trust: 0.8
title:	HT205640	url:	http://support.apple.com/ja-jp/HT205640	Trust: 0.8
title:	Multiple Apple product WebKit Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59195	Trust: 0.6

sources: JVNDB: JVNDB-2015-006328 // CNNVD: CNNVD-201512-377

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7097	Trust: 3.0
db:	BID	id:	78720	Trust: 2.0
db:	SECTRACK	id:	1034341	Trust: 1.7
db:	JVN	id:	JVNVU97526033	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006328	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-377	Trust: 0.7
db:	VULHUB	id:	VHN-85058	Trust: 0.1
db:	PACKETSTORM	id:	134792	Trust: 0.1
db:	PACKETSTORM	id:	134746	Trust: 0.1

sources: VULHUB: VHN-85058 // BID: 78720 // JVNDB: JVNDB-2015-006328 // PACKETSTORM: 134792 // PACKETSTORM: 134746 // CNNVD: CNNVD-201512-377 // NVD: CVE-2015-7097

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00000.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00001.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00003.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/78720	Trust: 1.7
url:	https://support.apple.com/ht205635	Trust: 1.7
url:	https://support.apple.com/ht205639	Trust: 1.7
url:	https://support.apple.com/ht205640	Trust: 1.7
url:	https://support.apple.com/kb/ht205636	Trust: 1.7
url:	http://www.securitytracker.com/id/1034341	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7097	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97526033/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7097	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3
url:	http://webkitgtk.org/security/wsa-2015-0002.html	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7100	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7095	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7050	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7097	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7102	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7103	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7098	Trust: 0.2
url:	https://gpgtools.org	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7104	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7099	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7101	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7096	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7048	Trust: 0.2
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1

sources: VULHUB: VHN-85058 // BID: 78720 // JVNDB: JVNDB-2015-006328 // PACKETSTORM: 134792 // PACKETSTORM: 134746 // CNNVD: CNNVD-201512-377 // NVD: CVE-2015-7097

CREDITS

Apple

Trust: 0.5

sources: BID: 78720 // PACKETSTORM: 134792 // PACKETSTORM: 134746

SOURCES

db:	VULHUB	id:	VHN-85058
db:	BID	id:	78720
db:	JVNDB	id:	JVNDB-2015-006328
db:	PACKETSTORM	id:	134792
db:	PACKETSTORM	id:	134746
db:	CNNVD	id:	CNNVD-201512-377
db:	NVD	id:	CVE-2015-7097

LAST UPDATE DATE

2025-04-13T19:56:37.917000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-85058	date:	2019-03-08T00:00:00
db:	BID	id:	78720	date:	2017-06-08T08:02:00
db:	JVNDB	id:	JVNDB-2015-006328	date:	2015-12-15T00:00:00
db:	CNNVD	id:	CNNVD-201512-377	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2015-7097	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-85058	date:	2015-12-11T00:00:00
db:	BID	id:	78720	date:	2015-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-006328	date:	2015-12-15T00:00:00
db:	PACKETSTORM	id:	134792	date:	2015-12-12T18:22:22
db:	PACKETSTORM	id:	134746	date:	2015-12-10T17:09:58
db:	CNNVD	id:	CNNVD-201512-377	date:	2015-12-14T00:00:00
db:	NVD	id:	CVE-2015-7097	date:	2015-12-11T11:59:54.440