CVE-2015-1130
Published: 10 April 2015
Summary
CVE-2015-1130 is a high-severity authentication-bypass vulnerability in Apple OS X, catalogued here under CWE-59 (Improper Link Resolution Before File Access, 'Link Following'). Its CVSS 3.1 base score is 7.8 (High).
Operationally, it ranks in the top 3.9% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)), alongside timely patching to OS X 10.10.3.
Deeper analysis
The vulnerability is a flaw in the XPC implementation within the Admin Framework component of Apple OS X versions prior to 10.10.3, publicly known as "Rootpipe". It is assigned CVE-2015-1130 with a CVSS 3.1 base score of 7.8 (vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-59. The privileged XPC service behind the framework fails to properly check the caller's authorization, so a local user can bypass authentication and obtain administrative privileges; Apple's advisory describes the vector only as "unspecified".
A local attacker who already runs code as any valid user on an affected system can exploit the weakness to escalate to root without user interaction and without presenting admin credentials. The flaw is not remotely reachable on its own, but it is a ready second stage after any foothold (a malicious download, a compromised application, or a low-privileged shell). Successful exploitation grants full administrative control, enabling arbitrary changes to system configuration, access to protected resources, and execution of privileged operations.
Apple's security advisory and the corresponding support document HT204659 indicate that the issue is resolved in OS X 10.10.3. Administrators are advised to apply the update from the referenced Apple security announcement to eliminate the vulnerable code paths. Note that the fix shipped only for Yosemite: Apple did not backport it to OS X 10.9 and earlier, so hosts on older releases need an upgrade to 10.10.3 or later rather than a point update. No further mitigation details such as configuration workarounds are specified in the provided references.
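The only vendor remediation is the OS X 10.10.3 update, so the practical check is a version comparison. The script below is an added example written for this page, not Apple's code or the referenced proof-of-concept; it assumes 10.10.3 is the fixed version (per HT204659), that 10.9 and earlier never received a patch, and that `sw_vers -productVersion` returns a plain dotted version string on the host being checked.

```shell
#!/bin/sh
# Added example (not from Apple or the original advisory): classify an
# OS X / macOS product version with respect to CVE-2015-1130 (Rootpipe).
# Assumption: the fix shipped in 10.10.3 only; 10.9.x and earlier have no patch.

# vercmp A B: compare dotted numeric versions, print -1, 0 or 1.
# Missing trailing components are treated as 0 (10.10 == 10.10.0).
vercmp() {
  a="$1"; b="$2"; i=1
  while :; do
    x=$(printf '%s\n' "$a" | cut -d. -f"$i")
    y=$(printf '%s\n' "$b" | cut -d. -f"$i")
    # Both strings exhausted: versions are equal.
    [ -z "$x" ] && [ -z "$y" ] && { echo 0; return 0; }
    x=${x:-0}; y=${y:-0}
    if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
    if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    i=$((i + 1))
  done
}

# cve_2015_1130_affected VERSION: exit 0 if VERSION is below the fixed release.
cve_2015_1130_affected() {
  [ "$(vercmp "$1" 10.10.3)" -lt 0 ]
}

# cve_2015_1130_status VERSION: print a one-line triage verdict.
cve_2015_1130_status() {
  ver="$1"
  if ! cve_2015_1130_affected "$ver"; then
    echo "$ver: patched (10.10.3 or later)"
  elif [ "$(vercmp "$ver" 10.10)" -ge 0 ]; then
    # Yosemite below 10.10.3: the 10.10.3 update closes the hole.
    echo "$ver: VULNERABLE, apply the OS X 10.10.3 update (HT204659)"
  else
    # 10.9 and earlier: no vendor fix exists, only an upgrade helps.
    echo "$ver: VULNERABLE, no vendor patch for this release, upgrade to 10.10.3 or later"
  fi
}

# When run on a Mac, check the live system; elsewhere this block is skipped.
if command -v sw_vers >/dev/null 2>&1; then
  cve_2015_1130_status "$(sw_vers -productVersion)"
fi
```

Run the script on the endpoint itself, or feed it the version column exported from an inventory tool. The comparison is numeric per component, so it will not misorder 10.9.5 against 10.10.2 the way a plain string sort does.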
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-1273
Vulnerability details
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
- CWE(s): CWE-59 (Improper Link Resolution Before File Access, 'Link Following')
- KEV Date Added: 10 February 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Apple OS X before 10.10.3 (Admin Framework XPC service); fixed in OS X 10.10.3
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly enforces the authentication and authorization decisions that the XPC flaw in Admin Framework bypasses to grant admin rights.
- IA-2 (Identification and Authentication (Organizational Users)): Requires successful identification and authentication before allowing privilege escalation, blocking the local auth-bypass vector.
- SI-2 (Flaw Remediation): Mandates timely patching of the identified flaw in the OS X Admin Framework, eliminating the vulnerable XPC code paths by updating to OS X 10.10.3.