ID

VAR-201504-0091


CVE

CVE-2015-1140


TITLE

Buffer overflow vulnerability in IOHIDFamily in Apple OS X

Trust: 0.8

sources: JVNDB: JVNDB-2015-002190

DESCRIPTION

Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. The issue lies in the failure to properly sanitize user-supplied pointers before they are dereferenced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within IOKit IOHIDSecurePromptClient. This does not check the length of an attacker-supplied string to the __InsertBytes method before copying it into a fixed length buffer on the heap. This allows an attacker to execute arbitrary code in the context of the kernel. The update addresses new vulnerabilities that affect the Admin Framework, ATS, CoreAnimation, Graphics Driver, Hypervisor, ImageIO, IOHIDFamily, Kernel, LaunchServices, UniformTypeIdentifiers, Security - Code Signing, Open Directory Client, and Screen Sharing components. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information and perform other attacks. These issues affect Mac OS X prior to 10.10.3. A local attacker could exploit this vulnerability to gain privileges.

Trust: 3.33

sources: NVD: CVE-2015-1140 // JVNDB: JVNDB-2015-002190 // ZDI: ZDI-15-165 // ZDI: ZDI-15-121 // BID: 73982 // VULHUB: VHN-79100 // VULMON: CVE-2015-1140

AFFECTED PRODUCTS

vendor: apple
model: os x
scope: -
version: -

Trust: 1.4

vendor: apple
model: mac os x
scope: eq
version: 10.8.5

Trust: 1.4

vendor: apple
model: mac os x
scope: eq
version: 10.9.5

Trust: 1.4

vendor: apple
model: mac os x
scope: lt
version: 10.10.3

Trust: 1.0

vendor: apple
model: mac os x
scope: eq
version: 10.10 to 10.10.2

Trust: 0.8

vendor: apple
model: mac os x
scope: eq
version: 10.10.2

Trust: 0.6

sources: ZDI: ZDI-15-165 // ZDI: ZDI-15-121 // JVNDB: JVNDB-2015-002190 // CNNVD: CNNVD-201504-110 // NVD: CVE-2015-1140

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2015-1140
value: MEDIUM

Trust: 1.4

nvd@nist.gov: CVE-2015-1140
value: HIGH

Trust: 1.0

NVD: CVE-2015-1140
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201504-110
value: HIGH

Trust: 0.6

VULHUB: VHN-79100
value: HIGH

Trust: 0.1

VULMON: CVE-2015-1140
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-1140
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2015-1140
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

ZDI: CVE-2015-1140
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-79100
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-15-165 // ZDI: ZDI-15-121 // VULHUB: VHN-79100 // VULMON: CVE-2015-1140 // JVNDB: JVNDB-2015-002190 // CNNVD: CNNVD-201504-110 // NVD: CVE-2015-1140

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-79100 // JVNDB: JVNDB-2015-002190 // NVD: CVE-2015-1140

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201504-110

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201504-110

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002190

PATCH

title: HT204659
url: http://support.apple.com/en-us/HT204659

Trust: 2.2

title: APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
url: http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Trust: 0.8

title: HT204659
url: http://support.apple.com/ja-jp/HT204659

Trust: 0.8

title: OSXUpd10.10.3
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54848

Trust: 0.6

title: iPhone7,1_8.3_12F70_Restore
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54847

Trust: 0.6

title: AppleTV3,2_7.2_12F69_Restore
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54849

Trust: 0.6

title: IosHackStudy
url: https://github.com/pandazheng/IosHackStudy

Trust: 0.1

title: iOSSafetyLearning
url: https://github.com/shaveKevin/iOSSafetyLearning

Trust: 0.1

sources: ZDI: ZDI-15-165 // ZDI: ZDI-15-121 // VULMON: CVE-2015-1140 // JVNDB: JVNDB-2015-002190 // CNNVD: CNNVD-201504-110

EXTERNAL IDS

db: NVD, id: CVE-2015-1140

Trust: 4.3

db: BID, id: 73982

Trust: 1.5

db: SECTRACK, id: 1032048

Trust: 1.2

db: ZDI, id: ZDI-15-165

Trust: 1.0

db: ZDI, id: ZDI-15-121

Trust: 1.0

db: JVNDB, id: JVNDB-2015-002190

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-2814

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-2676

Trust: 0.7

db: CNNVD, id: CNNVD-201504-110

Trust: 0.7

db: VULHUB, id: VHN-79100

Trust: 0.1

db: VULMON, id: CVE-2015-1140

Trust: 0.1

sources: ZDI: ZDI-15-165 // ZDI: ZDI-15-121 // VULHUB: VHN-79100 // VULMON: CVE-2015-1140 // BID: 73982 // JVNDB: JVNDB-2015-002190 // CNNVD: CNNVD-201504-110 // NVD: CVE-2015-1140

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html

Trust: 1.8

url:https://support.apple.com/ht204659

Trust: 1.8

url:https://support.apple.com/en-us/ht204659

Trust: 1.7

url:http://www.securityfocus.com/bid/73982

Trust: 1.3

url:http://www.securitytracker.com/id/1032048

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1140

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1140

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-15-165/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-15-121/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/pandazheng/mac-ios-security

Trust: 0.1

url:https://github.com/pandazheng/ioshackstudy

Trust: 0.1

sources: ZDI: ZDI-15-165 // ZDI: ZDI-15-121 // VULHUB: VHN-79100 // VULMON: CVE-2015-1140 // BID: 73982 // JVNDB: JVNDB-2015-002190 // CNNVD: CNNVD-201504-110 // NVD: CVE-2015-1140

CREDITS

lokihardt@ASRT

Trust: 1.3

sources: ZDI: ZDI-15-121 // CNNVD: CNNVD-201504-110

SOURCES

db: ZDI, id: ZDI-15-165
db: ZDI, id: ZDI-15-121
db: VULHUB, id: VHN-79100
db: VULMON, id: CVE-2015-1140
db: BID, id: 73982
db: JVNDB, id: JVNDB-2015-002190
db: CNNVD, id: CNNVD-201504-110
db: NVD, id: CVE-2015-1140

LAST UPDATE DATE

2025-04-13T21:51:25.830000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-15-165, date: 2015-04-29T00:00:00
db: ZDI, id: ZDI-15-121, date: 2015-04-08T00:00:00
db: VULHUB, id: VHN-79100, date: 2019-01-31T00:00:00
db: VULMON, id: CVE-2015-1140, date: 2019-01-31T00:00:00
db: BID, id: 73982, date: 2015-05-12T19:47:00
db: JVNDB, id: JVNDB-2015-002190, date: 2015-04-14T00:00:00
db: CNNVD, id: CNNVD-201504-110, date: 2019-03-01T00:00:00
db: NVD, id: CVE-2015-1140, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: ZDI, id: ZDI-15-165, date: 2015-04-29T00:00:00
db: ZDI, id: ZDI-15-121, date: 2015-04-08T00:00:00
db: VULHUB, id: VHN-79100, date: 2015-04-10T00:00:00
db: VULMON, id: CVE-2015-1140, date: 2015-04-10T00:00:00
db: BID, id: 73982, date: 2015-04-08T00:00:00
db: JVNDB, id: JVNDB-2015-002190, date: 2015-04-14T00:00:00
db: CNNVD, id: CNNVD-201504-110, date: 2015-04-10T00:00:00
db: NVD, id: CVE-2015-1140, date: 2015-04-10T14:59:51.277