What is CVE-2015-1155?

CVE-2015-1155 is a vulnerability in Apple Iphone_os, classified under CWE-264. Published 2015-05-08.

Is CVE-2015-1155 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Iphone_os

CVE-2015-1155

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

EPSS: 0.679 (98.6th percentile) — read the EPSS interpretation.

Affected products

Apple Iphone_os
Apple Safari — versions 7.0, 7.0.1, 7.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

rapid7/metasploit-framework

References

product-security@apple.com (x_refsource_CONFIRM, Vendor Advisory)
product-security@apple.com (x_refsource_CONFIRM, Vendor Advisory)
openSUSE-SU-2016:0761 (vendor-advisory, x_refsource_SUSE)
1032270 (vdb-entry, x_refsource_SECTRACK)
74527 (vdb-entry, x_refsource_BID)
openSUSE-SU-2016:0915 (vendor-advisory, x_refsource_SUSE)
APPLE-SA-2015-06-30-1 (vendor-advisory, x_refsource_APPLE, Vendor Advisory)
APPLE-SA-2015-05-06-1 (vendor-advisory, x_refsource_APPLE, Vendor Advisory)
USN-2937-1 (x_refsource_UBUNTU, vendor-advisory)

Frequently asked questions

What is CVE-2015-1155?: CVE-2015-1155 is a vulnerability in Apple Iphone_os, classified under CWE-264. Published 2015-05-08.
Is CVE-2015-1155 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.