CVE-2015-7068

HIGH

Apple iOS <9.2, macOS <10.11.2, tvOS <9.1, watchOS <2.1 - Denial of Service via IOKit SCSI Userclient Type

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7068. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit triggers a kernel NULL dereference in IOSCSIPeripheralDeviceType00 on OS X 10.11 by opening userclient type 12. It maps the NULL page as read-write to manipulate memory and cause a crash.

Description

IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdososx

https://www.exploit-db.com/exploits/39376

View Code ZIP pw:eip

This exploit triggers a kernel NULL dereference in IOSCSIPeripheralDeviceType00 on OS X 10.11 by opening userclient type 12. It maps the NULL page as read-write to manipulate memory and cause a crash.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Apple macOS 10.11 (El Capitan)

No auth needed

Prerequisites: Access to a vulnerable macOS system · Ability to execute code with sufficient permissions

MITRE ATT&CK