⚠ Actively exploited

Added to CISA KEV on 2022-02-10. Federal agencies required to patch by 2022-08-10. Required action: Apply updates per vendor instructions..

CVE-2015-1130 — Link Following in Apple MAC OS X

CWE-59 — Link Following CWE-2548 documents7 sources

Severity

7.8HIGHNVD

EPSS

20.4%

top 4.45%

CISA KEV

KEV

Added 2022-02-10

Due 2022-08-10

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apple MAC OS X Apple OS X Yosemite V10.10.3 AND Security Update 2015-004

Timeline

PublishedApr 10

KEV addedFeb 10

Latest updateMay 17

KEV dueAug 10

CISA Required Action: Apply updates per vendor instructions.

Description

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDapple/mac_os_x< 10.10.3

▶Appleapple/os_x_yosemite_v10.10.3_and_security_update_2015-004

🔴Vulnerability Details

GHSA

GHSA-2697-3jf6-rpjg: The XPC implementation in Admin Framework in Apple OS X before 10↗2022-05-17

▶

VulnCheck

Apple OS X Authentication Bypass Vulnerability↗2015

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX - 'Rootpipe' Local Privilege Escalation (Metasploit)↗2015-04-13

▶

Exploit-DB

Apple Mac OSX < 10.7.5/10.8.2/10.9.5/10.10.2 - 'Rootpipe' Local Privilege Escalation↗2015-04-09

▶

Metasploit

Apple OS X Rootpipe Privilege Escalation↗

▶

📋Vendor Advisories

CISA

Apple OS X Authentication Bypass Vulnerability↗2022-02-10

▶

Apple

CVE-2015-1130: OS X Yosemite v10.10.3 and Security Update 2015-004↗

▶