Vulnerability-Lookup

CVE-2015-1064 (GCVE-0-2015-1064)

Vulnerability from cvelistv5 – Published: 2015-03-12 10:00 – Updated: 2024-08-06 04:33

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securitytracker.com/id/1031864	vdb-entryx_refsource_SECTRACK
	https://support.apple.com/HT204423	x_refsource_CONFIRM

Date Public ?

2015-03-09 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:33:20.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2015-03-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
          },
          {
            "name": "1031864",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031864"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204423"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-16T16:57:00.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "APPLE-SA-2015-03-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
        },
        {
          "name": "1031864",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031864"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204423"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1064",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-03-09-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
            },
            {
              "name": "1031864",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031864"
            },
            {
              "name": "https://support.apple.com/HT204423",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204423"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2015-1064",
    "datePublished": "2015-03-12T10:00:00.000Z",
    "dateReserved": "2015-01-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:33:20.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2015-1064",
      "date": "2026-05-05",
      "epss": "0.00068",
      "percentile": "0.20699"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.1.3\", \"matchCriteriaId\": \"51E778E9-865E-410F-98FE-25E2D898BA71\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.\"}, {\"lang\": \"es\", \"value\": \"Springboard en Apple iOS anterior a 8.2 permite a atacantes f\\u00edsicamente pr\\u00f3ximos evadir el requisito de activaci\\u00f3n y leer la pantalla inicial mediante el aprovechamiento de una ca\\u00edda de aplicaci\\u00f3n durante el proceso de activaci\\u00f3n.\"}]",
      "id": "CVE-2015-1064",
      "lastModified": "2024-11-21T02:24:35.053",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 1.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.4, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-03-12T10:59:08.787",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1031864\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT204423\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1031864\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT204423\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-1064\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2015-03-12T10:59:08.787\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.\"},{\"lang\":\"es\",\"value\":\"Springboard en Apple iOS anterior a 8.2 permite a atacantes f\u00edsicamente pr\u00f3ximos evadir el requisito de activaci\u00f3n y leer la pantalla inicial mediante el aprovechamiento de una ca\u00edda de aplicaci\u00f3n durante el proceso de activaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.1.3\",\"matchCriteriaId\":\"51E778E9-865E-410F-98FE-25E2D898BA71\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1031864\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT204423\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1031864\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT204423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2015-1064

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-1064

Aliases

CVE-2015-1064

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1064",
    "description": "Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.",
    "id": "GSD-2015-1064"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1064"
      ],
      "details": "Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.",
      "id": "GSD-2015-1064",
      "modified": "2023-12-13T01:20:05.259436Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-1064",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2015-03-09-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
          },
          {
            "name": "1031864",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031864"
          },
          {
            "name": "https://support.apple.com/HT204423",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204423"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1064"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT204423",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204423"
            },
            {
              "name": "APPLE-SA-2015-03-09-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
            },
            {
              "name": "1031864",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031864"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-09-11T15:48Z",
      "publishedDate": "2015-03-12T10:59Z"
    }
  }
}

VAR-201503-0077

Vulnerability from variot - Updated: 2023-12-18 11:18

Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. Apple iOS is prone to a local security-bypass vulnerability. Attackers with physical access to the device can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Springboard is a desktop for Apple iDevice. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2015-03-09-1 iOS 8.2

iOS 8.2 is now available and addresses the following:

CoreTelephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker can cause a device to unexpectedly restart Description: A null pointer dereference issue existed in CoreTelephony's handling of Class 0 SMS messages. This issue was addressed through improved message validation. CVE-ID CVE-2015-1063 : Roman Digerberg, Sweden

iCloud Keychain Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1065 : Andrey Belenko of NowSecure

IOSurface Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in IOSurface's handling of serialized objects. The issue was addressed through additional type checking. CVE-ID CVE-2015-1061 : Ian Beer of Google Project Zero

MobileStorageMounter Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to create folders in trusted locations in the file system Description: An issue existed in the developer disk mounting logic which resulted in invalid disk image folders not being deleted. This was addressed through improved error handling. CVE-ID CVE-2015-1062 : TaiG Jailbreak Team

Secure Transport Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris

Springboard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to see the home screen of the device even if the device is not activated Description: An unexpected application termination during activation could have caused the device to show the home screen. The issue was addressed through improved error handling during activation. CVE-ID CVE-2015-1064

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "8.2".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJU/fWsAAoJEBcWfLTuOo7t7VUQAIsLCBlvhkiqbJ4xdanG1RZI Ld7787ljx6ksnLMiFJNCECOIm3fk7TKMUfFn7HXYR/hg/w0GPb7dXUNkNh9IhdjF H8dur2Eb3iR3EPDhnGvPcgic059SKKgVUgyzMfr8td3onswWq90aG+8eAgq3ri9B qAL8wUSoXDz0VPUJ2H7VcktfcdXqFmS5lPGa8PpEAzNAhN+utsw61yoJgILHh9g6 5axRobZFpd7CKy+ADPUtlMUYQQliRX+BNX+ZZgh1bsEmXJMmeHxKjEN6Iq18ObD7 ucFihWs6WFroDHuHMvuR/yJARqInChMzd/EMkjSfHH2ldSbTyGmsTp/4D1aofQMp V6D8JjsHvdb/jWq5qCmFEBXf1VpXXqvNI1rq3D7qHOIJJPQH5afzI9ujymOrsspH Li0lD2TrwnLJznoRgAGVYSo0dhouUmhRYkd4zJkQMoR/Rn/aL3xWGT5XhFEkfdFD rvFv0LgaiC/5jbLZczUVk1yYQTkJ4mM8h02GnHd1CLvSdf1naEvTw3goBJguI233 5R89HVZA0Z2P6Vyk1bn5V0SWYasVATmjfr89lkhESVVfszakEvxTxmg4fZ65Gwtq MWSMUBzFZT09abSUEH27BYVGYoe1HCk8sAKlOhMvd1s2O54kZbHeuIMvfrYT5C0d 3T50q8/I5HSn+5c9eHvz =l+X4 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0077",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (ipod touch first  5 after generation )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001782"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1064"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-291"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1064"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "BID",
        "id": "73002"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-1064",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 1.9,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-1064",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-79024",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1064",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-291",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79024",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001782"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1064"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-291"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. Apple iOS is prone to a local security-bypass vulnerability. \nAttackers with physical access to the device can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Springboard is a desktop for Apple iDevice. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-03-09-1 iOS 8.2\n\niOS 8.2 is now available and addresses the following:\n\nCoreTelephony\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A remote attacker can cause a device to unexpectedly restart\nDescription:  A null pointer dereference issue existed in\nCoreTelephony\u0027s handling of Class 0 SMS messages. This issue was\naddressed through improved message validation. \nCVE-ID\nCVE-2015-1063 : Roman Digerberg, Sweden\n\niCloud Keychain\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription:  Multiple buffer overflows existed in the handling of\ndata during iCloud Keychain recovery. These issues were addressed\nthrough improved bounds checking. \nCVE-ID\nCVE-2015-1065 : Andrey Belenko of NowSecure\n\nIOSurface\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A type confusion issue existed in IOSurface\u0027s handling\nof serialized objects. The issue was addressed through additional\ntype checking. \nCVE-ID\nCVE-2015-1061 : Ian Beer of Google Project Zero\n\nMobileStorageMounter\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to create folders in\ntrusted locations in the file system\nDescription:  An issue existed in the developer disk mounting logic\nwhich resulted in invalid disk image folders not being deleted. This\nwas addressed through improved error handling. \nCVE-ID\nCVE-2015-1062 : TaiG Jailbreak Team\n\nSecure Transport\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  Secure Transport accepted short ephemeral RSA keys,\nusually used only in export-strength RSA cipher suites, on\nconnections using full-strength RSA cipher suites. This issue, also\nknown as FREAK, only affected connections to servers which support\nexport-strength RSA cipher suites, and was addressed by removing\nsupport for ephemeral RSA keys. \nCVE-ID\nCVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nProsecco at Inria Paris\n\nSpringboard\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to the device may be able to\nsee the home screen of the device even if the device is not activated\nDescription:  An unexpected application termination during activation\ncould have caused the device to show the home screen. The issue was\naddressed through improved error handling during activation. \nCVE-ID\nCVE-2015-1064\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"8.2\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJU/fWsAAoJEBcWfLTuOo7t7VUQAIsLCBlvhkiqbJ4xdanG1RZI\nLd7787ljx6ksnLMiFJNCECOIm3fk7TKMUfFn7HXYR/hg/w0GPb7dXUNkNh9IhdjF\nH8dur2Eb3iR3EPDhnGvPcgic059SKKgVUgyzMfr8td3onswWq90aG+8eAgq3ri9B\nqAL8wUSoXDz0VPUJ2H7VcktfcdXqFmS5lPGa8PpEAzNAhN+utsw61yoJgILHh9g6\n5axRobZFpd7CKy+ADPUtlMUYQQliRX+BNX+ZZgh1bsEmXJMmeHxKjEN6Iq18ObD7\nucFihWs6WFroDHuHMvuR/yJARqInChMzd/EMkjSfHH2ldSbTyGmsTp/4D1aofQMp\nV6D8JjsHvdb/jWq5qCmFEBXf1VpXXqvNI1rq3D7qHOIJJPQH5afzI9ujymOrsspH\nLi0lD2TrwnLJznoRgAGVYSo0dhouUmhRYkd4zJkQMoR/Rn/aL3xWGT5XhFEkfdFD\nrvFv0LgaiC/5jbLZczUVk1yYQTkJ4mM8h02GnHd1CLvSdf1naEvTw3goBJguI233\n5R89HVZA0Z2P6Vyk1bn5V0SWYasVATmjfr89lkhESVVfszakEvxTxmg4fZ65Gwtq\nMWSMUBzFZT09abSUEH27BYVGYoe1HCk8sAKlOhMvd1s2O54kZbHeuIMvfrYT5C0d\n3T50q8/I5HSn+5c9eHvz\n=l+X4\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001782"
      },
      {
        "db": "BID",
        "id": "73002"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79024"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1064",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1031864",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU90171154",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001782",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-291",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "73002",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-79024",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130741",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79024"
      },
      {
        "db": "BID",
        "id": "73002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001782"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1064"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-291"
      }
    ]
  },
  "id": "VAR-201503-0077",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79024"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:18:38.809000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-03-09-1 iOS 8.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00000.html"
      },
      {
        "title": "HT204423",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204423"
      },
      {
        "title": "HT204423",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204423"
      },
      {
        "title": "iPhone7,1_8.2_12D508_Restore",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54079"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001782"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-291"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001782"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1064"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204423"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031864"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1064"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90171154/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1064"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht204423"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1065"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1064"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1062"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1067"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1061"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1063"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79024"
      },
      {
        "db": "BID",
        "id": "73002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001782"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1064"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-291"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-79024"
      },
      {
        "db": "BID",
        "id": "73002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001782"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1064"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-291"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79024"
      },
      {
        "date": "2015-03-09T00:00:00",
        "db": "BID",
        "id": "73002"
      },
      {
        "date": "2015-03-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001782"
      },
      {
        "date": "2015-03-10T16:14:34",
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "date": "2015-03-12T10:59:08.787000",
        "db": "NVD",
        "id": "CVE-2015-1064"
      },
      {
        "date": "2015-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-291"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79024"
      },
      {
        "date": "2015-03-09T00:00:00",
        "db": "BID",
        "id": "73002"
      },
      {
        "date": "2015-03-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001782"
      },
      {
        "date": "2015-09-11T15:48:52.670000",
        "db": "NVD",
        "id": "CVE-2015-1064"
      },
      {
        "date": "2015-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-291"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "73002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-291"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS of  Springboard Vulnerabilities that prevent activation requests",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001782"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-291"
      }
    ],
    "trust": 0.6
  }
}

GHSA-8WGX-8RV6-52MM

Vulnerability from github – Published: 2022-05-17 04:07 – Updated: 2022-05-17 04:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1064"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-03-12T10:59:00Z",
    "severity": "LOW"
  },
  "details": "Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.",
  "id": "GHSA-8wgx-8rv6-52mm",
  "modified": "2022-05-17T04:07:46Z",
  "published": "2022-05-17T04:07:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1064"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204423"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031864"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2015-AVI-092

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks
Apple	N/A	Apple TV
Apple	N/A	OS X Moutain Lion
Apple	N/A	OS X Yosemite
Apple	N/A	iOS 8.2
Apple	N/A	Xcode 6.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT204426 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204427 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple 2015-002 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204423 du 09 mars 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple TV",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Moutain Lion",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS 8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-8108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8108"
    },
    {
      "name": "CVE-2015-1064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1064"
    },
    {
      "name": "CVE-2014-3580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3580"
    },
    {
      "name": "CVE-2015-1066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1066"
    },
    {
      "name": "CVE-2015-1062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1062"
    },
    {
      "name": "CVE-2015-1063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1063"
    },
    {
      "name": "CVE-2014-3522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3522"
    },
    {
      "name": "CVE-2014-3528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3528"
    },
    {
      "name": "CVE-2014-9390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9390"
    },
    {
      "name": "CVE-2015-1067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1067"
    },
    {
      "name": "CVE-2015-1065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1065"
    },
    {
      "name": "CVE-2014-4496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4496"
    },
    {
      "name": "CVE-2015-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1061"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-092",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-03-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204426 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204426"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204427 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204427"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2015-002 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204413"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204423 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204423"
    }
  ]
}

CERTFR-2015-AVI-092

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks
Apple	N/A	Apple TV
Apple	N/A	OS X Moutain Lion
Apple	N/A	OS X Yosemite
Apple	N/A	iOS 8.2
Apple	N/A	Xcode 6.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT204426 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204427 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple 2015-002 du 09 mars 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204423 du 09 mars 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple TV",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Moutain Lion",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS 8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-8108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8108"
    },
    {
      "name": "CVE-2015-1064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1064"
    },
    {
      "name": "CVE-2014-3580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3580"
    },
    {
      "name": "CVE-2015-1066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1066"
    },
    {
      "name": "CVE-2015-1062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1062"
    },
    {
      "name": "CVE-2015-1063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1063"
    },
    {
      "name": "CVE-2014-3522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3522"
    },
    {
      "name": "CVE-2014-3528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3528"
    },
    {
      "name": "CVE-2014-9390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9390"
    },
    {
      "name": "CVE-2015-1067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1067"
    },
    {
      "name": "CVE-2015-1065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1065"
    },
    {
      "name": "CVE-2014-4496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4496"
    },
    {
      "name": "CVE-2015-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1061"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-092",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-03-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204426 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204426"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204427 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204427"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2015-002 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204413"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204423 du 09 mars 2015",
      "url": "https://support.apple.com/en-us/HT204423"
    }
  ]
}

FKIE_CVE-2015-1064

Vulnerability from fkie_nvd - Published: 2015-03-12 10:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html	Vendor Advisory
product-security@apple.com	http://www.securitytracker.com/id/1031864
product-security@apple.com	https://support.apple.com/HT204423	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031864
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204423	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	iphone_os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E778E9-865E-410F-98FE-25E2D898BA71",
              "versionEndIncluding": "8.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process."
    },
    {
      "lang": "es",
      "value": "Springboard en Apple iOS anterior a 8.2 permite a atacantes f\u00edsicamente pr\u00f3ximos evadir el requisito de activaci\u00f3n y leer la pantalla inicial mediante el aprovechamiento de una ca\u00edda de aplicaci\u00f3n durante el proceso de activaci\u00f3n."
    }
  ],
  "id": "CVE-2015-1064",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-03-12T10:59:08.787",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1031864"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204423"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-01638

Vulnerability from cnvd - Published: 2015-03-13

Title

Apple iOS安全绕过漏洞

Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple iOS存在安全漏洞，允许物理可访问的用户即使在设备未激活的情况下，查看目标设备HOME屏幕。

Severity

低

Patch Name

Apple iOS安全绕过漏洞的补丁

Patch Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple iOS存在安全漏洞，允许物理可访问的用户即使在设备未激活的情况下，查看目标设备HOME屏幕。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Apple iOS 8.2已经修复该漏洞，建议用户下载更新： https://support.apple.com

Reference

https://support.apple.com/kb/HT204423

Impacted products

Name
Apple IOS <8.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1064"
    }
  },
  "description": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\nApple iOS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u7269\u7406\u53ef\u8bbf\u95ee\u7684\u7528\u6237\u5373\u4f7f\u5728\u8bbe\u5907\u672a\u6fc0\u6d3b\u7684\u60c5\u51b5\u4e0b\uff0c\u67e5\u770b\u76ee\u6807\u8bbe\u5907HOME\u5c4f\u5e55\u3002",
  "discovererName": "Apple",
  "formalWay": "Apple iOS 8.2\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://support.apple.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01638",
  "openTime": "2015-03-13",
  "patchDescription": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\nApple iOS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u7269\u7406\u53ef\u8bbf\u95ee\u7684\u7528\u6237\u5373\u4f7f\u5728\u8bbe\u5907\u672a\u6fc0\u6d3b\u7684\u60c5\u51b5\u4e0b\uff0c\u67e5\u770b\u76ee\u6807\u8bbe\u5907HOME\u5c4f\u5e55\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple IOS \u003c8.2"
  },
  "referenceLink": "https://support.apple.com/kb/HT204423",
  "serverity": "\u4f4e",
  "submitTime": "2015-03-12",
  "title": "Apple iOS\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-1064 (GCVE-0-2015-1064)

GSD-2015-1064

VAR-201503-0077

GHSA-8WGX-8RV6-52MM

CERTFR-2015-AVI-092

Solution

CERTFR-2015-AVI-092

Solution

FKIE_CVE-2015-1064

CNVD-2015-01638

Tags

Sightings

Nomenclature