PT-2015-2119 · Apple · Ios

Andreas Kurtz

Published

2015-09-18

Updated

2016-12-22

CVE-2015-5880

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 9

Description The issue is related to a lack of protection for system data in the CoreAnimation component of the iOS operating system. This can be exploited by a remote attacker using a specially crafted background application to gain access to the clipboard. The exploitation allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access.

Recommendations For Apple iOS versions prior to 9, update to a version 9 or later to resolve the issue. As a temporary workaround, consider restricting the use of background applications to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2015-11465

CVE-2015-5880

Affected Products

Ios

PT-2015-2119 · Apple · Ios

CVE-2015-5880

Weakness Enumeration

Related Identifiers

Affected Products

References · 6