CVE-2015-5882
Severity CVSS v4.0:
Pending analysis
Type:
CWE-284
Improper Access Control
Publication date:
18/09/2015
Last modified:
12/04/2025
Description
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:watchos:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | 10.10.5 (including) | |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 8.4.1 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://www.securityfocus.com/bid/76764
- http://www.securitytracker.com/id/1033609
- https://support.apple.com/HT205212
- https://support.apple.com/HT205213
- https://support.apple.com/HT205267
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://www.securityfocus.com/bid/76764
- http://www.securitytracker.com/id/1033609
- https://support.apple.com/HT205212
- https://support.apple.com/HT205213
- https://support.apple.com/HT205267