CVE-2015-1157
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
3.8 Low
AI Score
Confidence
High
0.126 Low
EPSS
Percentile
95.5%
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
Affected configurations
References
9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/
lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
support.apple.com/kb/HT204941
support.apple.com/kb/HT204942
www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083
www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/
www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/
www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/
www.securityfocus.com/bid/75491
www.securitytracker.com/id/1032408
zanzebek.com/a-simple-text-message-can-ruin-any-iphone/
ghostbin.com/paste/zws9m
support.apple.com/HT205221
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
3.8 Low
AI Score
Confidence
High
0.126 Low
EPSS
Percentile
95.5%