ID

VAR-201509-0035


CVE

CVE-2015-5882


TITLE

Apple iOS of processor_set_tasks API Vulnerabilities that bypass the entitlement protection mechanism in the implementation of

Trust: 0.8

sources: JVNDB: JVNDB-2015-004751

DESCRIPTION

The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 2.07

sources: NVD: CVE-2015-5882 // JVNDB: JVNDB-2015-004751 // BID: 76764 // VULHUB: VHN-83843 // VULMON: CVE-2015-5882

AFFECTED PRODUCTS

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 1.6

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2 (apple watch)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004751 // CNNVD: CNNVD-201509-350 // NVD: CVE-2015-5882

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5882
value: HIGH

Trust: 1.0

NVD: CVE-2015-5882
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201509-350
value: HIGH

Trust: 0.6

VULHUB: VHN-83843
value: HIGH

Trust: 0.1

VULMON: CVE-2015-5882
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-5882
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83843
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83843 // VULMON: CVE-2015-5882 // JVNDB: JVNDB-2015-004751 // CNNVD: CNNVD-201509-350 // NVD: CVE-2015-5882

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-83843 // JVNDB: JVNDB-2015-004751 // NVD: CVE-2015-5882

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201509-350

TYPE

Unknown

Trust: 0.3

sources: BID: 76764

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004751

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2015-09-21-1 watchOS 2url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

Trust: 0.8

title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Trust: 0.8

title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

Trust: 0.8

title:HT205267url:https://support.apple.com/en-us/HT205267

Trust: 0.8

title:HT205212url:https://support.apple.com/en-us/HT205212

Trust: 0.8

title:HT205213url:https://support.apple.com/en-us/HT205213

Trust: 0.8

title:HT205267url:http://support.apple.com/ja-jp/HT205267

Trust: 0.8

title:HT205212url:http://support.apple.com/ja-jp/HT205212

Trust: 0.8

title:HT205213url:http://support.apple.com/ja-jp/HT205213

Trust: 0.8

title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7

Trust: 0.1

sources: VULMON: CVE-2015-5882 // JVNDB: JVNDB-2015-004751

EXTERNAL IDS

db:NVDid:CVE-2015-5882

Trust: 2.9

db:BIDid:76764

Trust: 1.5

db:SECTRACKid:1033609

Trust: 1.2

db:JVNid:JVNVU97220341

Trust: 0.8

db:JVNid:JVNVU99970459

Trust: 0.8

db:JVNDBid:JVNDB-2015-004751

Trust: 0.8

db:CNNVDid:CNNVD-201509-350

Trust: 0.7

db:VULHUBid:VHN-83843

Trust: 0.1

db:VULMONid:CVE-2015-5882

Trust: 0.1

sources: VULHUB: VHN-83843 // VULMON: CVE-2015-5882 // BID: 76764 // JVNDB: JVNDB-2015-004751 // CNNVD: CNNVD-201509-350 // NVD: CVE-2015-5882

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html

Trust: 1.8

url:https://support.apple.com/ht205212

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00005.html

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html

Trust: 1.2

url:http://www.securityfocus.com/bid/76764

Trust: 1.2

url:https://support.apple.com/ht205213

Trust: 1.2

url:https://support.apple.com/ht205267

Trust: 1.2

url:http://www.securitytracker.com/id/1033609

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5882

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99970459/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97220341/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5882

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/284.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht205267

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/apple-ios-cve-2015-5861

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307

Trust: 0.1

sources: VULHUB: VHN-83843 // VULMON: CVE-2015-5882 // BID: 76764 // JVNDB: JVNDB-2015-004751 // CNNVD: CNNVD-201509-350 // NVD: CVE-2015-5882

CREDITS

Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,

Trust: 0.3

sources: BID: 76764

SOURCES

db:VULHUBid:VHN-83843
db:VULMONid:CVE-2015-5882
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004751
db:CNNVDid:CNNVD-201509-350
db:NVDid:CVE-2015-5882

LAST UPDATE DATE

2025-04-13T20:49:10.762000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-83843date:2016-12-22T00:00:00
db:VULMONid:CVE-2015-5882date:2016-12-22T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004751date:2015-10-06T00:00:00
db:CNNVDid:CNNVD-201509-350date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5882date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-83843date:2015-09-18T00:00:00
db:VULMONid:CVE-2015-5882date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004751date:2015-09-24T00:00:00
db:CNNVDid:CNNVD-201509-350date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5882date:2015-09-18T12:00:21.090