CVE-2015-1157 | Vulnerability Database | Aqua Security

CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.

Affected Software

Name	Vendor	Start Version	End Version
Iphone_os	Apple	8.0 (including)	8.0 (including)
Iphone_os	Apple	8.0.1 (including)	8.0.1 (including)
Iphone_os	Apple	8.0.2 (including)	8.0.2 (including)
Iphone_os	Apple	8.1 (including)	8.1 (including)
Iphone_os	Apple	8.1.2 (including)	8.1.2 (including)
Iphone_os	Apple	8.1.3 (including)	8.1.3 (including)
Iphone_os	Apple	8.2 (including)	8.2 (including)
Iphone_os	Apple	8.3 (including)	8.3 (including)

References

http://9to5mac.com/2015/05/27/how-to-fix-ios-text-message-bug-crash-reboot/
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204942
http://www.ibtimes.co.uk/apple-ios-bug-sees-message-app-crash-iphone-reboot-simply-by-receiving-message-1503083
http://www.reddit.com/r/apple/comments/37e8c1/malicious_text_message/
http://www.reddit.com/r/apple/comments/37enow/about_the_latest_iphone_security_vulnerability/
http://www.reddit.com/r/explainlikeimfive/comments/37edde/eli5_how_that_text_you_can_send_to_friends_turns/
http://www.securityfocus.com/bid/75491
http://www.securitytracker.com/id/1032408
http://zanzebek.com/a-simple-text-message-can-ruin-any-iphone/
https://ghostbin.com/paste/zws9m
https://support.apple.com/HT205221

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-1157
CWE	https://cwe.mitre.org/data/definitions/17.html