VAR-201507-0420
Vulnerability from variot - Updated: 2023-12-18 10:59The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, bypass security restrictions, and perform other attacks. Versions prior to iOS 8.4 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Telephony is one of the components that provides telephony functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0420",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4 (ipod touch first 5 after generation )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "75490"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003433"
},
{
"db": "NVD",
"id": "CVE-2015-3726"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-087"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3726"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from FireEye, Inc, chaithanya (SegFault) working with HP\u0027s Zero Day Initiative, WanderingGlitch of HP\u0027s Zero Day Initiative, Matt Spisak of Endgame and Brian W. Gray of Carnegie Mellon University, Craig Young from",
"sources": [
{
"db": "BID",
"id": "75490"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3726",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-3726",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-81687",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3726",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-087",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81687",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81687"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003433"
},
{
"db": "NVD",
"id": "CVE-2015-3726"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-087"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. Apple iOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, perform unauthorized actions, bypass security restrictions, and perform other attacks. \nVersions prior to iOS 8.4 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Telephony is one of the components that provides telephony functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3726"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003433"
},
{
"db": "BID",
"id": "75490"
},
{
"db": "VULHUB",
"id": "VHN-81687"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3726",
"trust": 2.8
},
{
"db": "BID",
"id": "75490",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1032761",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003433",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-087",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-81687",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81687"
},
{
"db": "BID",
"id": "75490"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003433"
},
{
"db": "NVD",
"id": "CVE-2015-3726"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-087"
}
]
},
"id": "VAR-201507-0420",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81687"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:59:46.268000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-06-30-1 iOS 8.4",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
},
{
"title": "HT204941",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht204941"
},
{
"title": "HT204941",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht204941"
},
{
"title": "quicktime7.7.7_installer",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56517"
},
{
"title": "osxupd10.10.4",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56516"
},
{
"title": "iPhone7,1_8.4_12H143_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56515"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003433"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81687"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003433"
},
{
"db": "NVD",
"id": "CVE-2015-3726"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht204941"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/75490"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032761"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3726"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3726"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipodtouch/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81687"
},
{
"db": "BID",
"id": "75490"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003433"
},
{
"db": "NVD",
"id": "CVE-2015-3726"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-087"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81687"
},
{
"db": "BID",
"id": "75490"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003433"
},
{
"db": "NVD",
"id": "CVE-2015-3726"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-087"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-81687"
},
{
"date": "2015-06-30T00:00:00",
"db": "BID",
"id": "75490"
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003433"
},
{
"date": "2015-07-03T02:00:17.040000",
"db": "NVD",
"id": "CVE-2015-3726"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-087"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-81687"
},
{
"date": "2015-07-15T00:52:00",
"db": "BID",
"id": "75490"
},
{
"date": "2015-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003433"
},
{
"date": "2016-12-30T21:13:42.697000",
"db": "NVD",
"id": "CVE-2015-3726"
},
{
"date": "2015-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-087"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS of Telephony Vulnerability to execute arbitrary code in subsystem",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003433"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-087"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…