CVE-2015-1155

iPhone OS < 8.3 and Safari < 6.2.5 - Same Origin Policy Bypass via History Implementation

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1155. PoCs published by joev, including Metasploit module auxiliary/gather/safari_file_url_navigation.

AI-analyzed exploit summary This Metasploit module exploits a Safari sandbox escape vulnerability (CVE-2015-1155) by manipulating browser history and file:// URL navigation to read arbitrary files or install malicious extensions. It uses an FTP server to deliver a malicious .webarchive file.

Description

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

Exploits (1)

metasploit WORKING POC

by joev · rubypocosx

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/safari_file_url_navigation.rb

View Code ZIP pw:eip

This Metasploit module exploits a Safari sandbox escape vulnerability (CVE-2015-1155) by manipulating browser history and file:// URL navigation to read arbitrary files or install malicious extensions. It uses an FTP server to deliver a malicious .webarchive file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Safari before 8.0.6, 7.1.6, and 6.2.6

No auth needed

Prerequisites: Victim must visit a malicious webpage · FTP server accessible to the victim

MITRE ATT&CK