CVE-2015-1130

CVE Database · CVE-2015-1130

CVE-2015-1130

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

9.89%

Published

Apr 10, 2015

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-02-10 · Due: 2022-08-10

Apply updates per vendor instructions.

Public PoC / Exploit (5)

All weaponized →

Exploit-DBApple Mac OSX - 'Rootpipe' Local Privilege Escalation (Metasploit)Exploit-DBApple Mac OSX < 10.7.5/10.8.2/10.9.5/10.10.2 - 'Rootpipe' Local Privilege Escalation TrickestTrickest PoC index GitHub PoCsideeffect42/RootPipeTester★18 GitHub PoCShmoopi/RootPipe-Demo★2

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-59CWE-59

Affected Products (1)

apple · mac_os_x (up to 10.10.3)vulnerable

References (13)

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Mailing ListVendor AdvisoryBroken Link

http://www.osvdb.org/120418

Broken Link

http://www.securityfocus.com/bid/73982

ExploitThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032048

Broken LinkThird Party AdvisoryVDB Entry

https://support.apple.com/HT204659

Vendor Advisory

https://www.exploit-db.com/exploits/36692/

KEV Catalog EPSS Scores Vendors All CVEs