Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-5754 — Race Condition in Apple MAC OS X

CWE-362 — Race Condition5 documents5 sources

Severity

9.3CRITICALNVD

EPSS

21.7%

top 4.25%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple OS X Yosemite V10.10.5 AND Security Update 2015-006

Timeline

PublishedAug 17

Latest updateMay 17

Description

Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/mac_os_x10.10.4

▶Appleapple/os_x_yosemite_v10.10.5_and_security_update_2015-006

🔴Vulnerability Details

GHSA

GHSA-hh9w-r9fj-gh4v: Race condition in runner in Install↗2022-05-17

▶

Project0

Revisiting Apple IPC: (1) Distributed Objects - Project Zero↗2015-09-01

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation↗2015-09-10

▶

📋Vendor Advisories

Apple

CVE-2015-5754: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶