Cyber Resilience

CVE-2015-1130

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 10 April 2015
Modified: 21 April 2026
KEV Added: 10 February 2022
Patch
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2342 (96.1st percentile)
Risk Priority: 50 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2015-1130 is a high-severity Link Following (CWE-59) vulnerability in Apple Mac OS X. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 3.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

The vulnerability is a flaw in the XPC implementation within the Admin Framework component of Apple OS X versions prior to 10.10.3. It is assigned CVE-2015-1130 with a CVSS 3.1 base score of 7.8 and is associated with CWE-59. The issue permits local users to bypass authentication mechanisms and obtain administrative privileges through unspecified vectors.

Local attackers with a valid user account on an affected system can exploit the weakness to escalate privileges without requiring user interaction or additional authentication. Successful exploitation grants full administrative control, enabling arbitrary changes to system configuration, access to protected resources, and execution of privileged operations.

Apple's security advisory and the corresponding support document HT204659 indicate that the issue is resolved in OS X 10.10.3. Administrators are advised to apply the update from the referenced Apple security announcement to eliminate the vulnerable code paths. No further mitigation details such as configuration workarounds are specified in the provided references.

EU & UK References

Vulnerability details

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.

CWE(s): CWE-59 (Link Following)
KEV Date Added: 10 February 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: apple
Product: mac os x
Versions: ≤ 10.10.3

Mitigating Controls (NIST 800-53 r5)

- AC-3 (Access Enforcement), prevent: Directly enforces authentication and authorization decisions that the XPC flaw in Admin Framework bypasses to grant admin rights.

- IA-2 (Identification and Authentication (Organizational Users)), prevent: Requires successful identification and authentication before allowing privilege escalation, blocking the local auth-bypass vector.

- prevent: Mandates timely patching of the identified flaw in OS X Admin Framework to eliminate the vulnerable XPC code paths.

References