Vulnerabilities > CVE-2015-1157 - Code vulnerability in Apple Iphone OS, Itunes and mac OS X
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_10_10_4.NASL description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.4. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth - Certificate Trust Policy - CFNetwork HTTPAuthentication - CoreText - coreTLS - DiskImages - Display Drivers - EFI - FontParser - Graphics Driver - ImageIO - Install Framework Legacy - Intel Graphics Driver - IOAcceleratorFamily - IOFireWireFamily - Kernel - kext tools - Mail - ntfs - ntp - OpenSSL - QuickTime - Security - Spotlight - SQLite - System Stats - TrueTypeScaler - zip Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 84488 published 2015-07-01 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84488 title Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84488); script_version("1.21"); script_cvs_date("Date: 2019/11/22"); script_cve_id( "CVE-2015-0209", "CVE-2015-0235", "CVE-2015-0273", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0293", "CVE-2015-1157", "CVE-2015-1798", "CVE-2015-1799", "CVE-2015-3661", "CVE-2015-3662", "CVE-2015-3663", "CVE-2015-3666", "CVE-2015-3667", "CVE-2015-3668", "CVE-2015-3671", "CVE-2015-3672", "CVE-2015-3673", "CVE-2015-3674", "CVE-2015-3675", "CVE-2015-3676", "CVE-2015-3677", "CVE-2015-3678", "CVE-2015-3679", "CVE-2015-3680", "CVE-2015-3681", "CVE-2015-3682", "CVE-2015-3683", "CVE-2015-3684", "CVE-2015-3685", "CVE-2015-3686", "CVE-2015-3687", "CVE-2015-3688", "CVE-2015-3689", "CVE-2015-3690", "CVE-2015-3691", "CVE-2015-3692", "CVE-2015-3693", "CVE-2015-3694", "CVE-2015-3695", "CVE-2015-3696", "CVE-2015-3697", "CVE-2015-3698", "CVE-2015-3699", "CVE-2015-3700", "CVE-2015-3701", "CVE-2015-3702", "CVE-2015-3703", "CVE-2015-3704", "CVE-2015-3705", "CVE-2015-3706", "CVE-2015-3707", "CVE-2015-3708", "CVE-2015-3709", "CVE-2015-3710", "CVE-2015-3711", "CVE-2015-3712", "CVE-2015-3713", "CVE-2015-3714", "CVE-2015-3715", "CVE-2015-3716", "CVE-2015-3717", "CVE-2015-3718", "CVE-2015-3719", "CVE-2015-3720", "CVE-2015-3721", "CVE-2015-4000", "CVE-2015-7036" ); script_bugtraq_id( 72325, 72701, 73225, 73227, 73231, 73232, 73237, 73239, 73950, 73951, 74733 ); script_xref(name:"CERT", value:"967332"); script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-06-30-2"); script_name(english:"Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)"); script_summary(english:"Checks the version of Mac OS X."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes multiple security vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.4. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth - Certificate Trust Policy - CFNetwork HTTPAuthentication - CoreText - coreTLS - DiskImages - Display Drivers - EFI - FontParser - Graphics Driver - ImageIO - Install Framework Legacy - Intel Graphics Driver - IOAcceleratorFamily - IOFireWireFamily - Kernel - kext tools - Mail - ntfs - ntp - OpenSSL - QuickTime - Security - Spotlight - SQLite - System Stats - TrueTypeScaler - zip Note that successful exploitation of the most serious issues can result in arbitrary code execution."); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-ca/HT204942"); # http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?956357d4"); # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7a6ddbd"); script_set_attribute(attribute:"solution", value: "Upgrade to Mac OS X 10.10.4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0235"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Apple OS X Entitlements Rootpipe Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/30"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/01"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); script_require_ports("Host/MacOSX/Version", "Host/OS"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); match = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os); if (isnull(match)) exit(1, "Failed to parse the Mac OS X version ('" + os + "')."); version = match[1]; if (!ereg(pattern:"^10\.10([^0-9]|$)", string:version)) audit(AUDIT_OS_NOT, "Mac OS X 10.10", "Mac OS X "+version); fixed_version = "10.10.4"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:0, extra:report); } else security_hole(0); exit(0); } else exit(0, "The host is not affected since it is running Mac OS X "+version+".");NASL family Windows NASL id ITUNES_12_3_0.NASL description The version of Apple iTunes installed on the remote Windows host is prior to 12.3. It is, therefore, affected by multiple vulnerabilities in the bundled versions of WebKit, CoreText, the Microsoft Visual Studio C++ Redistributable Package, and ICU. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 86001 published 2015-09-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86001 title Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2015-005.NASL description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-005. It is, therefore, affected multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth - Certificate Trust Policy - CFNetwork HTTPAuthentication - CoreText - coreTLS - DiskImages - Display Drivers - EFI - FontParser - Graphics Driver - ImageIO - Install Framework Legacy - Intel Graphics Driver - IOAcceleratorFamily - IOFireWireFamily - Kernel - kext tools - Mail - ntfs - ntp - OpenSSL - QuickTime - Security - Spotlight - SQLite - System Stats - TrueTypeScaler - zip Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 84489 published 2015-07-01 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84489 title Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam) NASL family Peer-To-Peer File Sharing NASL id ITUNES_12_3_0_BANNER.NASL description The version of Apple iTunes running on the remote host is prior to 12.3. It is, therefore, affected by multiple vulnerabilities in the WebKit, CoreText, and ICU components, and in the bundled version of the Microsoft Visual Studio C++ Redistributable Package. An attacker can exploit these vulnerabilities to cause a denial of service, execute arbitrary code, or gain access to encrypted SMB credentials. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 86601 published 2015-10-26 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86601 title Apple iTunes < 12.3 Multiple Vulnerabilities (uncredentialed check)
References
- http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/
- http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/
- http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/
- https://ghostbin.com/paste/zws9m
- http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083
- http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/
- http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/
- http://www.securitytracker.com/id/1032408
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
- https://support.apple.com/HT205221
- http://www.securityfocus.com/bid/75491