Lucene search
AnonymousZDI-15-390HistoryAug 13, 2015 - 12:00 a.m.
Apple OS X iCloud Account Authentication Elevation Of Privilege Vulnerability
2015-08-1300:00:00
Anonymous
www.zerodayinitiative.com
24
EPSS
0.005
Percentile
75.5%
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must have shell access to exploit this vulnerability, however Guest access is sufficient. The specific flaw exists within the authentication of users who use their iCloud account and password to log in to OS X. Any user is able to change the password of these users without knowing the previous password. This allows an attacker to run arbitrary commands as that user. If the target user is an Admin, the attacker can run arbitrary commands as root.
References
Related
cvelist
cvelist
CVE-2015-3799
2015-08-16 23:00:00
prion
prion
Code injection
2015-08-17 00:00:00
zdt
zdt
iCloud Account Authentication Elevation Of Privilege Vulnerability
2015-08-14 00:00:00
cve
cve
CVE-2015-3799
2015-08-17 00:00:14
nvd
nvd
CVE-2015-3799
2015-08-17 00:00:14
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities-03 (Oct 2015)
2015-10-29 00:00:00
nessus
nessus
Mac OS X < 10.10.5 Multiple Vulnerabilities
2015-10-16 00:00:00
Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
2015-08-17 00:00:00
securityvulns
securityvulns
Apple Mac OS X / OS X Server multiple security vulnerabilities
2015-08-17 00:00:00
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
2015-08-17 00:00:00