CVE-2015-1118

Published: 10/04/2015 Updated: 08/03/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

libnetcore in Apple iOS prior to 8.3, Apple OS X prior to 10.10.3, and Apple TV prior to 7.2 allows malicious users to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.

Affected Products

Vendor | Product | Versions
Apple | Iphone Os | 8.2
Apple | Mac Os X | 10.10.2
Apple | Tvos | 7.1

Vendor Advisories

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about the Apple Product Security PGP Key, see How to use ...

Recent Articles

Wi-Fi hotspots can put iPhones into ETERNAL super slow-mo
The Register • Darren Pauli • 10 Apr 2015

'Phantom' hack sends your iThings into a tailspin of torpor

A vulnerability fixed in this week's Apple patch run can easily brick iPhones, researchers say.
The flaw (CVE-2015-1118) dubbed "Phantom" allows attackers who can trick users into changing their iDevice proxy settings to tap into multiple use-after-free vulnerabilities.
Doing so causes constant ubiquitous app crashing including the system platform. Rebooting sends affected devices into a "coma" state.
FireEye bods Zhaofeng Chen; Hui Xue; Tao Wei, and Yulong Zhang, say attackers...

Apple Fixes Proxy Manipulating Phantom Attack in iOS 8.3
Threatpost • Chris Brook • 09 Apr 2015

If left unpatched, one of the vulnerabilities fixed in this week’s iOS update could render an iPhone near useless. If triggered, it could cause networking apps to quit, the system to grind to a halt. In some cases, the device wouldn’t even be able to be rebooted.
The vulnerability, nicknamed Phantom by researchers at FireEye, stems from a misconfiguration in iOS’ HTTP proxy settings. If an attacker tweaked a device’s proxy values accordingly, they could cause several use-after-free...