Lucene search

K
saintSAINT CorporationSAINT:D45272EB17E94D504AC1C8625B826B0B
HistoryApr 14, 2015 - 12:00 a.m.

OS X rootpipe privilege elevation

2015-04-1400:00:00
SAINT Corporation
my.saintcorporation.com
27

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

14.7%

Added: 04/14/2015
CVE: CVE-2015-1130
BID: 73982
OSVDB: 120418

Background

OS X is an operating system for Mac computers.

Problem

The Admin framework in OS X contains a hidden backdoor API which allows local users to gain root privileges.

Resolution

Upgrade to OS X 10.10.3 or apply security update 2015-004.

References

<https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/&gt;

Limitations

Exploit works on OS X 10.10 and requires an existing unprivileged connection.

Platforms

Mac OS X

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

14.7%

Related for SAINT:D45272EB17E94D504AC1C8625B826B0B