CVE-2015-1157

CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
appleiphone_os
8.0
appleiphone_os
8.0.1
appleiphone_os
8.0.2
appleiphone_os
8.1
appleiphone_os
8.1.2
appleiphone_os
8.1.3
appleiphone_os
8.2
appleiphone_os
8.3
applemac_os_x
𝑥
≤ 10.0.3
appleitunes
𝑥
≤ 12.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204942
http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083
http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/
http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/
http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/
http://www.securityfocus.com/bid/75491
http://www.securitytracker.com/id/1032408
http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/
https://ghostbin.com/paste/zws9m
https://support.apple.com/HT205221
http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204942
http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083
http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/
http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/
http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/
http://www.securityfocus.com/bid/75491
http://www.securitytracker.com/id/1032408
http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/
https://ghostbin.com/paste/zws9m
https://support.apple.com/HT205221