PT-2015-1330 · Meta +1 · WhatsApp +3
David Gilbert +2 · Published 2015-05-27 · Updated 2016-11-28 · CVE-2015-1157
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apple iOS versions 8.x through 8.3
Apple iOS before 8.4.1
Safari before 6.2.8
Safari 7.x before 7.1.8
Safari 8.x before 8.0.8

Description

The issue is related to errors in the code and allows remote attackers to cause a denial of service, potentially leading to a device reboot and disruption of messaging services. This can be achieved by sending crafted Unicode text, which is not properly handled during display truncation in the Notifications feature. The text can be sent via SMS or WhatsApp, and the use of specific characters, such as Arabic characters, can demonstrate this issue. Additionally, the vulnerability can be exploited through a crafted web site, leading to memory corruption and application crash, or potentially allowing the execution of arbitrary code.

Recommendations

For Apple iOS versions 8.x through 8.3, update to version 8.4.1 or later to resolve the issue.
For Apple iOS before 8.4.1, update to version 8.4.1 or later to resolve the issue.
For Safari before 6.2.8, update to version 6.2.8 or later to resolve the issue.
For Safari 7.x before 7.1.8, update to version 7.1.8 or later to resolve the issue.
For Safari 8.x before 8.0.8, update to version 8.0.8 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of crafted Unicode text in SMS or WhatsApp messages until a patch is available.
Restrict access to crafted web sites to minimize the risk of exploitation.

Exploit · Fix · DoS · RCE

Weakness Enumeration

Related Identifiers

BDU:2015-10418
CVE-2015-1157

Affected Products

Safari
WhatsApp
iOS
iTunes