Vulnerability-Lookup

CVE-2015-5923 (GCVE-0-2015-5923)

Vulnerability from cvelistv5 – Published: 2015-10-09 01:00 – Updated: 2024-08-06 07:06

Summary

Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

GSD-2015-5923

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.

Aliases

CVE-2015-5923

Aliases

CVE-2015-5923

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-5923",
    "description": "Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.",
    "id": "GSD-2015-5923"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-5923"
      ],
      "details": "Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.",
      "id": "GSD-2015-5923",
      "modified": "2023-12-13T01:20:05.941906Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-5923",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1033687",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033687"
          },
          {
            "name": "https://support.apple.com/HT205284",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205284"
          },
          {
            "name": "APPLE-SA-2015-09-30-01",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00006.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-5923"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT205284",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205284"
            },
            {
              "name": "APPLE-SA-2015-09-30-01",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00006.html"
            },
            {
              "name": "1033687",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033687"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-08T03:11Z",
      "publishedDate": "2015-10-09T05:59Z"
    }
  }
}

FKIE_CVE-2015-5923

Vulnerability from fkie_nvd - Published: 2015-10-09 05:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Sep/msg00006.html	Vendor Advisory
product-security@apple.com	http://www.securitytracker.com/id/1033687
product-security@apple.com	https://support.apple.com/HT205284	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Sep/msg00006.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033687
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205284	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	iphone_os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80B6C086-4769-47ED-9309-7FBF2E5C366A",
              "versionEndIncluding": "9.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Apple iOS en versiones anteriores a 9.0.2 no restringe adecuadamente las opciones disponibles en la pantalla de bloqueo, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos leer los datos de contactos o ver fotos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-5923",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-09T05:59:39.657",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00006.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1033687"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205284"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-W78V-RRW8-QFH9

Vulnerability from github – Published: 2022-05-17 03:22 – Updated: 2022-05-17 03:22

Details

Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-5923"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-10-09T05:59:00Z",
    "severity": "LOW"
  },
  "details": "Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.",
  "id": "GHSA-w78v-rrw8-qfh9",
  "modified": "2022-05-17T03:22:35Z",
  "published": "2022-05-17T03:22:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5923"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205284"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033687"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-06461

Vulnerability from cnvd - Published: 2015-10-13

Title

Apple iOS锁屏绕过漏洞

Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple iOS存在安全漏洞，允许攻击者利用漏洞绕过锁屏获取照片和联系人信息。

Severity

低

Patch Name

Apple iOS锁屏绕过漏洞的补丁

Patch Description

Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 Apple iOS存在安全漏洞，允许攻击者利用漏洞绕过锁屏获取照片和联系人信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://support.apple.com/en-us/HT205284

Reference

https://support.apple.com/en-us/HT205284

Impacted products

Name
['Apple iPad >=2', 'Apple iPhone >= 4s', 'Apple iPod Touch >= 5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5923"
    }
  },
  "description": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u9501\u5c4f\u83b7\u53d6\u7167\u7247\u548c\u8054\u7cfb\u4eba\u4fe1\u606f\u3002",
  "discovererName": "Apple",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/en-us/HT205284",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06461",
  "openTime": "2015-10-13",
  "patchDescription": "Apple iOS\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u82f9\u679ciPhone\u548ciPod touch\u8bbe\u5907\u4e0a\u7684\u6700\u65b0\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u9501\u5c4f\u83b7\u53d6\u7167\u7247\u548c\u8054\u7cfb\u4eba\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS\u9501\u5c4f\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple iPad \u003e=2",
      "Apple iPhone \u003e= 4s",
      "Apple iPod Touch \u003e= 5"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/HT205284",
  "serverity": "\u4f4e",
  "submitTime": "2015-10-03",
  "title": "Apple iOS\u9501\u5c4f\u7ed5\u8fc7\u6f0f\u6d1e"
}

CERTFR-2015-AVI-415

Vulnerability from certfr_avis - Published: 2015-10-01 - Updated: 2015-10-01

Une vulnérabilité a été corrigée dans Apple iOS. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

iOS versions antérieures à 9.0.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

VAR-201510-0233

Vulnerability from variot - Updated: 2025-04-13 20:07

Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. Apple iOS is prone to a local security-bypass vulnerability. Attackers with physical access to the device can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. The vulnerability is caused by the program not properly restricting the options in the lock screen state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-09-30-01 iOS 9.0.2

iOS 9.0.2 is now available and addresses the following:

Lock Screen Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to access photos and contacts from the lock screen Description: A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device. CVE-ID CVE-2015-5923

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "9.0.2".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWCywnAAoJEBcWfLTuOo7tsbkP/A6aLss8SQXXBjrlKdLbAcWF x/zkFEwnHVG77cfXPwyEHnlqssVV/oc3Ynds6VdUmB4LiIT56NJc7Yl2eteg+PN7 rVePaHZ2iHBqkdT6uoeFqTDirTcc/a01crBtIp9VS8vmbKovzdNwuaVHswX1dsWd FnHA04tf/g028f+mZ5r+fvgvP35jVJZZem0aLln2EIaxB4qIwTLzLZlXt6Wwg54q tf8xcGERemCzeiVHf3XUhZlZBwdGIya+MNNS7DZxQ9+9aqlinMmnlC8Ub66UAI9C 24FphpZfMibBFh/PEBYarFnEA4DxNbFSL6wivVD4vjlgiFLLlcXpPtBU0DseOVDu spkUzYb0enjj0SZhxguxaIrUTqrtGLR0fqkQSOv1RITMalBeRvE6HDbO8U12Q5aM C1VTu0nR/6rzFOjhI1RhMLCsceuSEGCEv10ODZGzYkV2FEYiBeFU3ROloW4NqYf4 MRKwMj2SVeySjzh6qh5i5fgFsd3YUug4AnLr0Uy5Rz9xsF3CaUkvdPfksVgh/IyF fGKr/pKqqWTguTNWYoDSaf/l0jTKceke8HVd04o8nIUjw6yOTk1MsKZ2WWFuQiaE V/ZCF+ssugHCm8k7zKnjYHhe4kp5v2Q4mJ/VzOGVcqOMABi33lm6yAnRFOPSld98 ACylj1OKP3rLyDKeEwRh =7WtW -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0233",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.0.2   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.0.2   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.0.2   (ipod touch first  5 after generation )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "76821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-121"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5923"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "BID",
        "id": "76821"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-5923",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-5923",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-83884",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-5923",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-5923",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-121",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-83884",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-121"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5923"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. Apple iOS is prone to a local security-bypass vulnerability. \nAttackers with physical access to the device can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. The vulnerability is caused by the program not properly restricting the options in the lock screen state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-30-01 iOS 9.0.2\n\niOS 9.0.2 is now available and addresses the following:\n\nLock Screen\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to an iOS device may be able\nto access photos and contacts from the lock screen\nDescription:  A lock screen issue allowed access to photos and\ncontacts on a locked device. This issue was addressed by restricting\noptions offered on a locked device. \nCVE-ID\nCVE-2015-5923\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9.0.2\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWCywnAAoJEBcWfLTuOo7tsbkP/A6aLss8SQXXBjrlKdLbAcWF\nx/zkFEwnHVG77cfXPwyEHnlqssVV/oc3Ynds6VdUmB4LiIT56NJc7Yl2eteg+PN7\nrVePaHZ2iHBqkdT6uoeFqTDirTcc/a01crBtIp9VS8vmbKovzdNwuaVHswX1dsWd\nFnHA04tf/g028f+mZ5r+fvgvP35jVJZZem0aLln2EIaxB4qIwTLzLZlXt6Wwg54q\ntf8xcGERemCzeiVHf3XUhZlZBwdGIya+MNNS7DZxQ9+9aqlinMmnlC8Ub66UAI9C\n24FphpZfMibBFh/PEBYarFnEA4DxNbFSL6wivVD4vjlgiFLLlcXpPtBU0DseOVDu\nspkUzYb0enjj0SZhxguxaIrUTqrtGLR0fqkQSOv1RITMalBeRvE6HDbO8U12Q5aM\nC1VTu0nR/6rzFOjhI1RhMLCsceuSEGCEv10ODZGzYkV2FEYiBeFU3ROloW4NqYf4\nMRKwMj2SVeySjzh6qh5i5fgFsd3YUug4AnLr0Uy5Rz9xsF3CaUkvdPfksVgh/IyF\nfGKr/pKqqWTguTNWYoDSaf/l0jTKceke8HVd04o8nIUjw6yOTk1MsKZ2WWFuQiaE\nV/ZCF+ssugHCm8k7zKnjYHhe4kp5v2Q4mJ/VzOGVcqOMABi33lm6yAnRFOPSld98\nACylj1OKP3rLyDKeEwRh\n=7WtW\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-5923"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      },
      {
        "db": "BID",
        "id": "76821"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83884"
      },
      {
        "db": "PACKETSTORM",
        "id": "133801"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-83884",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83884"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-5923",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1033687",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005169",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-121",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "76821",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "133801",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-83884",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83884"
      },
      {
        "db": "BID",
        "id": "76821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      },
      {
        "db": "PACKETSTORM",
        "id": "133801"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-121"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5923"
      }
    ]
  },
  "id": "VAR-201510-0233",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83884"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T20:07:06.516000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "APPLE-SA-2015-09-30-01 iOS 9.0.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00006.html"
      },
      {
        "title": "HT205284",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT205284"
      },
      {
        "title": "HT205284",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT205284"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5923"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00006.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205284"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033687"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5923"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5923"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5923"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83884"
      },
      {
        "db": "BID",
        "id": "76821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      },
      {
        "db": "PACKETSTORM",
        "id": "133801"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-121"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5923"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-83884"
      },
      {
        "db": "BID",
        "id": "76821"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      },
      {
        "db": "PACKETSTORM",
        "id": "133801"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-121"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5923"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83884"
      },
      {
        "date": "2015-09-22T00:00:00",
        "db": "BID",
        "id": "76821"
      },
      {
        "date": "2015-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      },
      {
        "date": "2015-10-01T16:14:58",
        "db": "PACKETSTORM",
        "id": "133801"
      },
      {
        "date": "2015-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-121"
      },
      {
        "date": "2015-10-09T05:59:39.657000",
        "db": "NVD",
        "id": "CVE-2015-5923"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83884"
      },
      {
        "date": "2015-10-26T16:51:00",
        "db": "BID",
        "id": "76821"
      },
      {
        "date": "2015-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      },
      {
        "date": "2015-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-121"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-5923"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "76821"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-121"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS Vulnerable to reading user contact data",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005169"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-121"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-5923 (GCVE-0-2015-5923)

GSD-2015-5923

FKIE_CVE-2015-5923

GHSA-W78V-RRW8-QFH9

CNVD-2015-06461

CERTFR-2015-AVI-415

Solution

VAR-201510-0233

Tags

Sightings

Nomenclature