CVE-2015-5754
macOS < 10.10.5 - Privilege Escalation via Install Framework Legacy Runner Race Condition
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-5754. PoCs published by Google Security Research.
AI-analyzed exploit summary: This exploit leverages a race condition in the Install.framework's suid root binary to escalate privileges via Distributed Objects. By connecting two proxy objects to IFInstallRunner, it gains root access through a callback mechanism after seteuid(0) is called.
Description
Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error.
Exploits (1)
This exploit leverages a race condition in the Install.framework's suid root binary to escalate privileges via Distributed Objects. By connecting two proxy objects to IFInstallRunner, it gains root access through a callback mechanism after seteuid(0) is called.