Sign-up

ID

VAR-201510-0091


CVE

CVE-2015-5866


TITLE

Apple OS X of IOHIDFamily Vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2015-005142

DESCRIPTION

IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. IOHIDFamily is one of the kernel extensions (Abstract Interface for Human Interface Devices) component

Trust: 2.07

sources: NVD: CVE-2015-5866 // JVNDB: JVNDB-2015-005142 // BID: 76908 // VULHUB: VHN-83827 // VULMON: CVE-2015-5866

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005142 // CNNVD: CNNVD-201510-093 // NVD: CVE-2015-5866

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5866
value: HIGH

Trust: 1.0

NVD: CVE-2015-5866
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201510-093
value: CRITICAL

Trust: 0.6

VULHUB: VHN-83827
value: HIGH

Trust: 0.1

VULMON: CVE-2015-5866
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-5866
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83827
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83827 // VULMON: CVE-2015-5866 // JVNDB: JVNDB-2015-005142 // CNNVD: CNNVD-201510-093 // NVD: CVE-2015-5866

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-83827 // JVNDB: JVNDB-2015-005142 // NVD: CVE-2015-5866

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-093

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201510-093

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005142

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Trust: 0.8
title:HT205267url:https://support.apple.com/en-us/HT205267
Trust: 0.8
title:HT205267url:http://support.apple.com/ja-jp/HT205267
Trust: 0.8
title:Apple OS X IOHIDFamily Fixes for component buffer overflow vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57946
Trust: 0.6
title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5866 // 
            
            
            
            JVNDB: JVNDB-2015-005142 // 
            
            
            
            CNNVD: CNNVD-201510-093

EXTERNAL IDS
db:NVDid:CVE-2015-5866
Trust: 2.9
db:BIDid:76908
Trust: 1.5
db:SECTRACKid:1033703
Trust: 1.2
db:JVNid:JVNVU97220341
Trust: 0.8
db:JVNDBid:JVNDB-2015-005142
Trust: 0.8
db:CNNVDid:CNNVD-201510-093
Trust: 0.7
db:VULHUBid:VHN-83827
Trust: 0.1
db:VULMONid:CVE-2015-5866
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83827 // 
            
            
            
            VULMON: CVE-2015-5866 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005142 // 
            
            
            
            CNNVD: CNNVD-201510-093 // 
            
            
            
            NVD: CVE-2015-5866

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html
Trust: 1.8
url:https://support.apple.com/ht205267
Trust: 1.8
url:http://www.securityfocus.com/bid/76908
Trust: 1.3
url:http://www.securitytracker.com/id/1033703
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5866
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97220341/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5866
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-in/ht205267
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht205267
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83827 // 
            
            
            
            VULMON: CVE-2015-5866 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005142 // 
            
            
            
            CNNVD: CNNVD-201510-093 // 
            
            
            
            NVD: CVE-2015-5866

CREDITS
Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of
Trust: 0.3
sources:
            
            
            BID: 76908

SOURCES
db:VULHUBid:VHN-83827
db:VULMONid:CVE-2015-5866
db:BIDid:76908
db:JVNDBid:JVNDB-2015-005142
db:CNNVDid:CNNVD-201510-093
db:NVDid:CVE-2015-5866

LAST UPDATE DATE
2025-04-13T21:52:47.150000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83827date:2016-12-09T00:00:00
db:VULMONid:CVE-2015-5866date:2016-12-09T00:00:00
db:BIDid:76908date:2015-12-08T22:02:00
db:JVNDBid:JVNDB-2015-005142date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-093date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5866date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83827date:2015-10-09T00:00:00
db:VULMONid:CVE-2015-5866date:2015-10-09T00:00:00
db:BIDid:76908date:2015-09-30T00:00:00
db:JVNDBid:JVNDB-2015-005142date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-093date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5866date:2015-10-09T05:59:11.563