VAR-201504-0091
Vulnerability from variot - Updated: 2025-04-13 21:51Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. The issue lies in the failure to properly sanitize user-supplied pointers before they are dereferenced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within IOKit IOHIDSecurePromptClient. This does not check the length of an attacker-supplied string to the __InsertBytes method before copying it into a fixed length buffer on the heap. This allows an attacker to execute arbitrary code in the context of the kernel. The update addresses new vulnerabilities that affect the Admin Framework, ATS, CoreAnimation, Graphics Driver, Hypervisor, ImageIO, IOHIDFamily, Kernel, LaunchServices, UniformTypeIdentifiers, Security - Code Signing, Open Directory Client, and Screen Sharing components. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information and perform other attacks. These issues affect Mac OS X prior to 10.10.3. A local attacker could exploit this vulnerability to gain privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0091",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "os x",
"scope": null,
"trust": 1.4,
"vendor": "apple",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.10.2"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-165"
},
{
"db": "ZDI",
"id": "ZDI-15-121"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002190"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-110"
},
{
"db": "NVD",
"id": "CVE-2015-1140"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002190"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lokihardt@ASRT",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-121"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-110"
}
],
"trust": 1.3
},
"cve": "CVE-2015-1140",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-1140",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2015-1140",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CVE-2015-1140",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-79100",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ZDI",
"id": "CVE-2015-1140",
"trust": 1.4,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1140",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-1140",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-110",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-79100",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-1140",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-165"
},
{
"db": "ZDI",
"id": "ZDI-15-121"
},
{
"db": "VULHUB",
"id": "VHN-79100"
},
{
"db": "VULMON",
"id": "CVE-2015-1140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002190"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-110"
},
{
"db": "NVD",
"id": "CVE-2015-1140"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. The issue lies in the failure to properly sanitize user-supplied pointers before they are dereferenced. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within IOKit IOHIDSecurePromptClient. This does not check the length of an attacker-supplied string to the __InsertBytes method before copying it into a fixed length buffer on the heap. This allows an attacker to execute arbitrary code in the context of the kernel. \nThe update addresses new vulnerabilities that affect the Admin Framework, ATS, CoreAnimation, Graphics Driver, Hypervisor, ImageIO, IOHIDFamily, Kernel, LaunchServices, UniformTypeIdentifiers, Security - Code Signing, Open Directory Client, and Screen Sharing components. \nAttackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information and perform other attacks. \nThese issues affect Mac OS X prior to 10.10.3. A local attacker could exploit this vulnerability to gain privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002190"
},
{
"db": "ZDI",
"id": "ZDI-15-165"
},
{
"db": "ZDI",
"id": "ZDI-15-121"
},
{
"db": "BID",
"id": "73982"
},
{
"db": "VULHUB",
"id": "VHN-79100"
},
{
"db": "VULMON",
"id": "CVE-2015-1140"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1140",
"trust": 4.3
},
{
"db": "BID",
"id": "73982",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1032048",
"trust": 1.2
},
{
"db": "ZDI",
"id": "ZDI-15-165",
"trust": 1.0
},
{
"db": "ZDI",
"id": "ZDI-15-121",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002190",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2814",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2676",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201504-110",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-79100",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-1140",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-165"
},
{
"db": "ZDI",
"id": "ZDI-15-121"
},
{
"db": "VULHUB",
"id": "VHN-79100"
},
{
"db": "VULMON",
"id": "CVE-2015-1140"
},
{
"db": "BID",
"id": "73982"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002190"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-110"
},
{
"db": "NVD",
"id": "CVE-2015-1140"
}
]
},
"id": "VAR-201504-0091",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-79100"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T21:51:25.830000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT204659",
"trust": 2.2,
"url": "http://support.apple.com/en-us/HT204659"
},
{
"title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"title": "HT204659",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT204659"
},
{
"title": "OSXUpd10.10.3",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54848"
},
{
"title": "iPhone7,1_8.3_12F70_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54847"
},
{
"title": "AppleTV3,2_7.2_12F69_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54849"
},
{
"title": "IosHackStudy",
"trust": 0.1,
"url": "https://github.com/pandazheng/IosHackStudy "
},
{
"title": "iOSSafetyLearning",
"trust": 0.1,
"url": "https://github.com/shaveKevin/iOSSafetyLearning "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-165"
},
{
"db": "ZDI",
"id": "ZDI-15-121"
},
{
"db": "VULMON",
"id": "CVE-2015-1140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002190"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-110"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79100"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002190"
},
{
"db": "NVD",
"id": "CVE-2015-1140"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht204659"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht204659"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/73982"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1032048"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1140"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1140"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-165/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-121/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/pandazheng/mac-ios-security"
},
{
"trust": 0.1,
"url": "https://github.com/pandazheng/ioshackstudy"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-165"
},
{
"db": "ZDI",
"id": "ZDI-15-121"
},
{
"db": "VULHUB",
"id": "VHN-79100"
},
{
"db": "VULMON",
"id": "CVE-2015-1140"
},
{
"db": "BID",
"id": "73982"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002190"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-110"
},
{
"db": "NVD",
"id": "CVE-2015-1140"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-165"
},
{
"db": "ZDI",
"id": "ZDI-15-121"
},
{
"db": "VULHUB",
"id": "VHN-79100"
},
{
"db": "VULMON",
"id": "CVE-2015-1140"
},
{
"db": "BID",
"id": "73982"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002190"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-110"
},
{
"db": "NVD",
"id": "CVE-2015-1140"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-29T00:00:00",
"db": "ZDI",
"id": "ZDI-15-165"
},
{
"date": "2015-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-121"
},
{
"date": "2015-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-79100"
},
{
"date": "2015-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1140"
},
{
"date": "2015-04-08T00:00:00",
"db": "BID",
"id": "73982"
},
{
"date": "2015-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002190"
},
{
"date": "2015-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-110"
},
{
"date": "2015-04-10T14:59:51.277000",
"db": "NVD",
"id": "CVE-2015-1140"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-29T00:00:00",
"db": "ZDI",
"id": "ZDI-15-165"
},
{
"date": "2015-04-08T00:00:00",
"db": "ZDI",
"id": "ZDI-15-121"
},
{
"date": "2019-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-79100"
},
{
"date": "2019-01-31T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1140"
},
{
"date": "2015-05-12T19:47:00",
"db": "BID",
"id": "73982"
},
{
"date": "2015-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002190"
},
{
"date": "2019-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-110"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-1140"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-110"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X of IOHIDFamily Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002190"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-110"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…