7.2

CVE-2015-5882

The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplewatchOS Version1.0
ApplemacOS X Version <= 10.10.5
AppleiPhone OS Version <= 8.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.241
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Vendor Advisory
https://support.apple.com/HT205212
Vendor Advisory
https://support.apple.com/HT205213
Vendor Advisory
https://support.apple.com/HT205267
Vendor Advisory
http://www.securityfocus.com/bid/76764
http://www.securitytracker.com/id/1033609