CVE-2015-1157

iPhone OS 8.x-8.3 - Denial of Service via Unicode Text in Notifications

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1157. PoCs published by perillamint.

AI-analyzed exploit summary This PoC demonstrates a simple TCP server exploit for CVE-2015-1157, which involves a vulnerability in a specific software. The server listens on port 23 and responds with a predefined message and data from a file, potentially exploiting a vulnerability in the target software.

Description

CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.

Exploits (1)

nomisec WORKING POC 3 stars
by perillamint · poc
https://github.com/perillamint/CVE-2015-1157

This PoC demonstrates a simple TCP server exploit for CVE-2015-1157, which involves a vulnerability in a specific software. The server listens on port 23 and responds with a predefined message and data from a file, potentially exploiting a vulnerability in the target software.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Unknown (CVE-2015-1157)
No auth needed
Prerequisites: Network access to the target · Target software vulnerable to CVE-2015-1157
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032408
Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT204942
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT205221
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75491
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT204941
Various Sources x_refsource_misc
https://ghostbin.com/paste/zws9m

Scores

EPSS 0.0555
EPSS Percentile 91.9%

Details

CWE
CWE-17
Status published
Products (10)
apple/iphone_os 8.0
apple/iphone_os 8.0.1
apple/iphone_os 8.0.2
apple/iphone_os 8.1
apple/iphone_os 8.1.2
apple/iphone_os 8.1.3
apple/iphone_os 8.2
apple/iphone_os 8.3
apple/itunes < 12.2
apple/mac_os_x < 10.0.3
Published May 28, 2015
Tracked Since Feb 18, 2026