ID

VAR-201507-0455


CVE

CVE-2015-3692


TITLE

BIOS implementations fail to properly set UEFI write protections after waking from sleep mode

Trust: 0.8

sources: CERT/CC: VU#577140

DESCRIPTION

Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges. Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. http://cwe.mitre.org/data/definitions/284.html A third party with root privileges may be able to carry out an EFI flash attack. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges and to bypass security restrictions or perform unauthorized actions. These issues affect Mac OS X prior to 10.10.4. Apple Mac EFI is one of the firmware upgrade interfaces. A local attacker could exploit this vulnerability to modify the EFI flash memory with root privileges. This issue was addressed through improved locking. CVE-ID CVE-2015-3692: Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca. EFI. Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5. Impact: A malicious application may induce memory corruption to escalate privileges. Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates. CVE-ID CVE-2015-3693: Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014). Mac EFI Security Update 2015-001 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.88

sources: NVD: CVE-2015-3692 // CERT/CC: VU#577140 // JVNDB: JVNDB-2015-003398 // BID: 75495 // VULHUB: VHN-81653 // VULMON: CVE-2015-3692 // PACKETSTORM: 132519

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lte, version: 10.10.3

Trust: 1.0

vendor: american megatrends incorporated ami, model: -, scope: -, version: -

Trust: 0.8

vendor: apple, model: -, scope: -, version: -

Trust: 0.8

vendor: dell computer, model: -, scope: -, version: -

Trust: 0.8

vendor: apple, model: mac efi, scope: lt, version: 2015-001

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.10 to 10.10.3

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.8.5

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.9.5

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.10.3

Trust: 0.6

vendor: apple, model: mac os, scope: eq, version: x10.10

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.9.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.8.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.10.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.10.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.10.1

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.10.4

Trust: 0.3

sources: CERT/CC: VU#577140 // BID: 75495 // JVNDB: JVNDB-2015-003398 // CNNVD: CNNVD-201507-053 // NVD: CVE-2015-3692

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3692
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3692
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-053
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81653
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-3692
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3692
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81653
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81653 // VULMON: CVE-2015-3692 // JVNDB: JVNDB-2015-003398 // CNNVD: CNNVD-201507-053 // NVD: CVE-2015-3692

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-81653 // JVNDB: JVNDB-2015-003398 // NVD: CVE-2015-3692

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201507-053

TYPE

Unknown

Trust: 0.3

sources: BID: 75495

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003398

PATCH

title: APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005, url: http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

Trust: 0.8

title: APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001, url: http://lists.apple.com/archives/security-announce/2015/Jun/msg00003.html

Trust: 0.8

title: HT204934, url: http://support.apple.com/en-us/HT204934

Trust: 0.8

title: HT204942, url: http://support.apple.com/en-us/HT204942

Trust: 0.8

title: HT204934, url: http://support.apple.com/ja-jp/HT204934

Trust: 0.8

title: HT204942, url: http://support.apple.com/ja-jp/HT204942

Trust: 0.8

title: quicktime7.7.7_installer, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517

Trust: 0.6

title: osxupd10.10.4, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516

Trust: 0.6

title: iPhone7,1_8.4_12H143_Restore, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515

Trust: 0.6

title: Apple: Mac EFI Security Update 2015-001, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1f3be5a570e2f0c6d63000f193b3e268

Trust: 0.1

title: Apple: OS X Yosemite v10.10.4 and Security Update 2015-005, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50398602701d671602946005c7864211

Trust: 0.1

sources: VULMON: CVE-2015-3692 // JVNDB: JVNDB-2015-003398 // CNNVD: CNNVD-201507-053

EXTERNAL IDS

db: NVD, id: CVE-2015-3692

Trust: 3.0

db: CERT/CC, id: VU#577140

Trust: 1.9

db: BID, id: 75495

Trust: 1.5

db: SECTRACK, id: 1032444

Trust: 1.2

db: JVN, id: JVNVU99464019

Trust: 0.8

db: JVNDB, id: JVNDB-2015-003398

Trust: 0.8

db: CNNVD, id: CNNVD-201507-053

Trust: 0.7

db: PACKETSTORM, id: 132519

Trust: 0.2

db: VULHUB, id: VHN-81653

Trust: 0.1

db: VULMON, id: CVE-2015-3692

Trust: 0.1

sources: CERT/CC: VU#577140 // VULHUB: VHN-81653 // VULMON: CVE-2015-3692 // BID: 75495 // JVNDB: JVNDB-2015-003398 // PACKETSTORM: 132519 // CNNVD: CNNVD-201507-053 // NVD: CVE-2015-3692

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/jun/msg00003.html

Trust: 1.8

url:http://support.apple.com/kb/ht204934

Trust: 1.8

url:http://support.apple.com/kb/ht204942

Trust: 1.8

url:http://www.securityfocus.com/bid/75495

Trust: 1.2

url:http://www.securitytracker.com/id/1032444

Trust: 1.2

url:https://support.apple.com/en-us/ht204934

Trust: 1.1

url:https://www.kb.cert.org/vuls/id/577140

Trust: 1.1

url:https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/

Trust: 0.8

url:http://support.dell.com/

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3692

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99464019/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3692

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://support.apple.com/en-ie/ht204934

Trust: 0.3

url:https://support.apple.com/en-ie/ht204942

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/284.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/apple-osx-efi-cve-2015-3692

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39582

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/apple-osx-efi-cve-2015-3693

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3692

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3693

Trust: 0.1

sources: CERT/CC: VU#577140 // VULHUB: VHN-81653 // VULMON: CVE-2015-3692 // BID: 75495 // JVNDB: JVNDB-2015-003398 // PACKETSTORM: 132519 // CNNVD: CNNVD-201507-053 // NVD: CVE-2015-3692

CREDITS

Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaça, Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)

Trust: 0.3

sources: BID: 75495

SOURCES

db: CERT/CC, id: VU#577140
db: VULHUB, id: VHN-81653
db: VULMON, id: CVE-2015-3692
db: BID, id: 75495
db: JVNDB, id: JVNDB-2015-003398
db: PACKETSTORM, id: 132519
db: CNNVD, id: CNNVD-201507-053
db: NVD, id: CVE-2015-3692

LAST UPDATE DATE

2025-04-13T23:18:05.194000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#577140, date: 2015-08-12T00:00:00
db: VULHUB, id: VHN-81653, date: 2016-12-06T00:00:00
db: VULMON, id: CVE-2015-3692, date: 2016-12-06T00:00:00
db: BID, id: 75495, date: 2015-08-12T22:26:00
db: JVNDB, id: JVNDB-2015-003398, date: 2015-08-03T00:00:00
db: CNNVD, id: CNNVD-201507-053, date: 2015-07-03T00:00:00
db: NVD, id: CVE-2015-3692, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC, id: VU#577140, date: 2015-07-30T00:00:00
db: VULHUB, id: VHN-81653, date: 2015-07-03T00:00:00
db: VULMON, id: CVE-2015-3692, date: 2015-07-03T00:00:00
db: BID, id: 75495, date: 2015-06-30T00:00:00
db: JVNDB, id: JVNDB-2015-003398, date: 2015-07-08T00:00:00
db: PACKETSTORM, id: 132519, date: 2015-07-01T05:34:45
db: CNNVD, id: CNNVD-201507-053, date: 2015-07-03T00:00:00
db: NVD, id: CVE-2015-3692, date: 2015-07-03T01:59:46.900