CVE-2015-1117
Description
Apple iOS/OS X/tvOS kernel privilege drop flaw in setreuid/setregid syscalls enables crafted app to execute code with elevated privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The kernel implementations of the setreuid and setregid system calls in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops. A crafted application can exploit this flaw to execute code with unintended user or group privileges [1][2][3].
Exploitation
An attacker needs the ability to install and run a crafted application on the affected device. No additional authentication or network position is required beyond normal app execution. The app simply invokes the vulnerable system calls with crafted arguments to bypass privilege dropping.
Impact
Successful exploitation allows the crafted app to execute arbitrary code with elevated privileges, potentially gaining root or other system-level access. This compromises the confidentiality, integrity, and availability of the device.
Mitigation
Apple addressed the issue in iOS 8.3, OS X Yosemite v10.10.3, and Apple TV 7.2. Users should update their devices to these versions or later [1][2][3]. No workaround is available for unpatched systems.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <7.2
- Range: <8.3
- Range: <10.10.3
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Apr/msg00002.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Apr/msg00003.html (nvd, Vendor Advisory)
- support.apple.com/HT204659 (nvd, Vendor Advisory)
- support.apple.com/HT204661 (nvd, Vendor Advisory)
- support.apple.com/HT204662 (nvd, Vendor Advisory)
- www.securitytracker.com/id/1032048 (nvd)
- support.apple.com/kb/HT204870 (nvd)