CVE-2015-1117: Apple iPhone OS vulnerability

CWE-264 | 6 documents | 3 sources
Severity
6.9 MEDIUM (NVD)
EPSS
0.1%
top 68.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 10
Latest update: May 14

Description

The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 3.4 | Impact: 10.0

Affected Packages (7 packages)

NVD: apple/tvos 7.1
NVD: apple/mac_os_x 10.10.2
Apple: apple/ios 8.3
Apple: apple/apple_tv 7.2

🔴Vulnerability Details

1
GHSA
GHSA-c7w9-2ppc-fcrj: The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8 | 2022-05-14

📋Vendor Advisories

4
Apple
CVE-2015-1117: iOS 8.3
Apple
CVE-2015-1117: Apple TV 7.2
Apple
CVE-2015-1117: Watch OS 1.0.1
Apple
CVE-2015-1117: OS X Yosemite v10.10.3 and Security Update 2015-004