CVE-2015-5914
Severity CVSS v4.0:
Pending analysis
Type:
CWE-17
Code Errors
Publication date:
09/10/2015
Last modified:
12/04/2025
Description
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498.
Impact
Base Score 2.0
4.70
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | 10.10.5 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://www.securitytracker.com/id/1033703
- https://support.apple.com/HT205267
- https://trmm.net/Thunderstrike_FAQ
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://www.securitytracker.com/id/1033703
- https://support.apple.com/HT205267
- https://trmm.net/Thunderstrike_FAQ