Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-5784Apple MAC OS X vulnerability

CWE-2645 documents5 sources
Severity
9.3CRITICALNVD
EPSS
21.9%
top 4.22%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apple MAC OS XApple OS X Yosemite V10.10.5 AND Security Update 2015-006
Timeline
PublishedAug 17
Latest updateMay 17

Description

runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x10.10.4

🔴Vulnerability Details

2
GHSA
GHSA-55gf-97v8-5hw3: runner in Install2022-05-17
Project0
Revisiting Apple IPC: (1) Distributed Objects - Project Zero2015-09-01

💥Exploits & PoCs

1
Exploit-DB
Apple Mac OSX Install.Framework - Arbitrary mkdir / unlink and chown to Admin Group2015-09-10

📋Vendor Advisories

1
Apple
CVE-2015-5784: OS X Yosemite v10.10.5 and Security Update 2015-006