CVE-2015-1130

HIGH KEV

Apple OS X Rootpipe Privilege Escalation

Title source: metasploit

Description

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.

Exploits (5)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalosx

https://www.exploit-db.com/exploits/36745

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Emil Kvarnhammar · pythonlocalosx

https://www.exploit-db.com/exploits/36692

View Code ZIP pw:eip

nomisec WRITEUP 18 stars

by sideeffect42 · local

https://github.com/sideeffect42/RootPipeTester

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by Shmoopi · local

https://github.com/Shmoopi/RootPipe-Demo

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Emil Kvarnhammar, joev, wvu · rubypocosx

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/rootpipe.rb

View Code ZIP pw:eip

References (7)

[Mailing List, Vendor Advisory] http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

[Broken Link] http://www.osvdb.org/120418

[Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/73982

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032048

[Vendor Advisory] https://support.apple.com/HT204659

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/36692/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1130

Scores

CVSS v3 7.8

EPSS 0.2039

EPSS Percentile 95.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-02-10

VulnCheck KEV 2022-02-10

InTheWild.io 2022-02-10

ENISA EUVD EUVD-2015-1273

CWE

CWE-59

Status published

Products (1)

apple/mac_os_x < 10.10.3

Published Apr 10, 2015

KEV Added Feb 10, 2022

Tracked Since Feb 18, 2026