CVE-2015-1157
First published: Thu May 28 2015(Updated: )
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPhone OS | =8.0 | |
| Apple iPhone OS | =8.0.1 | |
| Apple iPhone OS | =8.0.2 | |
| Apple iPhone OS | =8.1 | |
| Apple iPhone OS | =8.1.2 | |
| Apple iPhone OS | =8.1.3 | |
| Apple iPhone OS | =8.2 | |
| Apple iPhone OS | =8.3 | |
| macOS Yosemite | <=10.0.3 | |
| Apple iTunes | <=12.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
- http://support.apple.com/kb/HT204941
- http://support.apple.com/kb/HT204942
- http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083
- http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/
- http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/
- http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/
- http://www.securityfocus.com/bid/75491
- http://www.securitytracker.com/id/1032408
- http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/
- https://ghostbin.com/paste/zws9m
- https://support.apple.com/HT205221
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple iphone os
- version/apple iphone os/8.0
- version/apple iphone os/8.0.1
- version/apple iphone os/8.0.2
- version/apple iphone os/8.1
- version/apple iphone os/8.1.2
- version/apple iphone os/8.1.3
- version/apple iphone os/8.2
- version/apple iphone os/8.3
- canonical/macos yosemite
- version/macos yosemite/10.0.3
- canonical/apple itunes
- version/apple itunes/12.2