CVE-2015-1154
medium
CVSS v3: —
CVSS v2: 6.8
VIR risk: 6.8
Description
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: product-security@apple.com — https://support.apple.com/HT204826
Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2015/May/msg00000.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apple | itunes | ≤ 12.1 | |
| apple | safari | ≤ 6.2.5 | |
| apple | safari | 7.0 | |
| apple | safari | 7.0.1 | |
| apple | safari | 7.0.2 | |
| apple | safari | 7.0.3 | |
| apple | safari | 7.0.4 | |
| apple | safari | 7.0.5 | |
| apple | safari | 7.0.6 | |
| apple | safari | 7.1.0 | |
| apple | safari | 7.1.1 | |
| apple | safari | 7.1.2 | |
| apple | safari | 7.1.3 | |
| apple | safari | 7.1.4 | |
| apple | safari | 7.1.5 | |
| apple | safari | 8.0.0 | |
| apple | safari | 8.0.1 | |
| apple | safari | 8.0.2 | |
| apple | safari | 8.0.3 | |
| apple | safari | 8.0.4 | |
| apple | safari | 8.0.5 | |
References
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
- http://lists.apple.com/archives/security-announce/2015/May/msg00000.html
- http://www.securityfocus.com/bid/74526
- http://www.securitytracker.com/id/1032270
- https://support.apple.com/HT204826
- https://support.apple.com/kb/HT204949