CVE-2015-1157
Severity CVSS v4.0:
Pending analysis
Type:
CWE-17
Code Errors
Publication date:
28/05/2015
Last modified:
12/04/2025
Description
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
Impact
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:iphone_os:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:8.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:8.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:8.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:8.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:8.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:8.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:8.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | 10.0.3 (including) | |
| cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:* | 12.2 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083
- http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/
- http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/
- http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/
- http://www.securityfocus.com/bid/75491
- http://www.securitytracker.com/id/1032408
- http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/
- https://ghostbin.com/paste/zws9m
- https://support.apple.com/HT205221
- http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083
- http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/
- http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/
- http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/
- http://www.securityfocus.com/bid/75491
- http://www.securitytracker.com/id/1032408
- http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/
- https://ghostbin.com/paste/zws9m
- https://support.apple.com/HT205221