Details of VAR-201512-0183

ID

VAR-201512-0183

CVE

CVE-2015-7113

TITLE

Apple iOS and watchOS of LaunchServices Component vulnerable to arbitrary code execution in privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2015-006355

DESCRIPTION

The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist. Failed exploit attempts will likely result in denial-of-service conditions. This issue is fixed in: Apple iOS 9.2 Apple watchOS 2.1. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. LaunchServices is one of the components that uses a running application to open other applications or documents. A security vulnerability exists in the LaunchServices component of Apple iOS 9.1 and earlier and watchOS 2. and earlier

Trust: 1.98

sources: NVD: CVE-2015-7113 // JVNDB: JVNDB-2015-006355 // BID: 78731 // VULHUB: VHN-85074

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lte	version:	2.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.9
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch edition)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch hermes)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch sport)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch)	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.1	Trust: 0.6
vendor:	apple	model:	watchos	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	watch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	ne	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	9.2	Trust: 0.3

sources: BID: 78731 // JVNDB: JVNDB-2015-006355 // CNNVD: CNNVD-201512-178 // NVD: CVE-2015-7113

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7113
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7113
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201512-178
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-85074
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-7113
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-85074
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-85074 // JVNDB: JVNDB-2015-006355 // CNNVD: CNNVD-201512-178 // NVD: CVE-2015-7113

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-85074 // JVNDB: JVNDB-2015-006355 // NVD: CVE-2015-7113

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-178

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201512-178

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006355

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-12-08-4 watchOS 2.1	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html	Trust: 0.8
title:	APPLE-SA-2015-12-08-1 iOS 9.2	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Trust: 0.8
title:	HT205635	url:	https://support.apple.com/en-us/HT205635	Trust: 0.8
title:	HT205641	url:	https://support.apple.com/en-us/HT205641	Trust: 0.8
title:	HT205635	url:	http://support.apple.com/ja-jp/HT205635	Trust: 0.8
title:	HT205641	url:	http://support.apple.com/ja-jp/HT205641	Trust: 0.8
title:	Apple iOS and watchOS LaunchServices Fixes for component buffer overflow vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59036	Trust: 0.6

sources: JVNDB: JVNDB-2015-006355 // CNNVD: CNNVD-201512-178

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7113	Trust: 2.8
db:	SECTRACK	id:	1034348	Trust: 1.1
db:	BID	id:	78731	Trust: 1.0
db:	JVN	id:	JVNVU97526033	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006355	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-178	Trust: 0.7
db:	VULHUB	id:	VHN-85074	Trust: 0.1

sources: VULHUB: VHN-85074 // BID: 78731 // JVNDB: JVNDB-2015-006355 // CNNVD: CNNVD-201512-178 // NVD: CVE-2015-7113

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00000.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00002.html	Trust: 1.7
url:	https://support.apple.com/ht205635	Trust: 1.7
url:	https://support.apple.com/ht205641	Trust: 1.7
url:	http://www.securitytracker.com/id/1034348	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7113	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97526033/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7113	Trust: 0.8
url:	http://www.securityfocus.com/bid/78731	Trust: 0.6
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/watchos-2/	Trust: 0.3

sources: VULHUB: VHN-85074 // BID: 78731 // JVNDB: JVNDB-2015-006355 // CNNVD: CNNVD-201512-178 // NVD: CVE-2015-7113

CREDITS

Olivier Goguel of Free Tools Association

Trust: 0.9

sources: BID: 78731 // CNNVD: CNNVD-201512-178

SOURCES

db:	VULHUB	id:	VHN-85074
db:	BID	id:	78731
db:	JVNDB	id:	JVNDB-2015-006355
db:	CNNVD	id:	CNNVD-201512-178
db:	NVD	id:	CVE-2015-7113

LAST UPDATE DATE

2025-04-13T21:08:16.229000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-85074	date:	2016-12-07T00:00:00
db:	BID	id:	78731	date:	2015-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-006355	date:	2015-12-15T00:00:00
db:	CNNVD	id:	CNNVD-201512-178	date:	2015-12-14T00:00:00
db:	NVD	id:	CVE-2015-7113	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-85074	date:	2015-12-11T00:00:00
db:	BID	id:	78731	date:	2015-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-006355	date:	2015-12-15T00:00:00
db:	CNNVD	id:	CNNVD-201512-178	date:	2015-12-10T00:00:00
db:	NVD	id:	CVE-2015-7113	date:	2015-12-11T12:00:10.463