CVE-2015-1130

Apple OS X Authentication Bypass Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.

La implementación XPC en Admin Framework en Apple OS X anterior a 10.10.3 permite a usuarios locales evadir la autenticación y obtener privilegios administrativos a través de vectores no especificados.

OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2015-01-16 CVE Reserved
2015-04-09 CVE Published
2015-04-09 First Exploit
2022-02-10 Exploited in Wild
2022-08-10 KEV Due Date
2025-01-29 CVE Updated
2025-03-30 EPSS Updated

CWE

CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWE-254: 7PK - Security Features

CAPEC

References (12)

URL	Tag	Source
http://www.osvdb.org/120418	Vdb Entry
http://www.securitytracker.com/id/1032048	Vdb Entry
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x

URL	Date	SRC
https://packetstorm.news/files/id/131381	2015-04-10
https://packetstorm.news/files/id/131368	2015-04-09
https://www.exploit-db.com/exploits/36745	2015-04-13
https://www.exploit-db.com/exploits/36692	2025-01-29
https://github.com/Shmoopi/RootPipe-Demo	2024-02-24
https://github.com/sideeffect42/RootPipeTester	2024-03-12
http://www.securityfocus.com/bid/73982	2025-01-29

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html	2015-09-17
https://support.apple.com/HT204659	2015-09-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				<= 10.10.2 Search vendor "Apple" for product "Mac Os X" and version " <= 10.10.2"		-		Affected