CVE-2015-5888

Vulnerability

The Install Framework Legacy component in Apple OS X prior to version 10.11 (El Capitan) allows a local user to escalate privileges to root via vectors involving a privileged executable file [1]. The specific mechanism involves a binary that runs with elevated privileges and can be manipulated by a local attacker to execute arbitrary code with root rights.

Exploitation

An attacker with local access to the system must first place or control a file that triggers the privileged executable to run. The exact exploitation steps are not disclosed, but the vulnerability requires the attacker to have a local user account and the ability to execute or interact with the affected Install Framework Legacy binary. No network access or user interaction beyond normal system use is needed.

Impact

Successful exploitation grants the attacker full root privileges on the affected system. This gives the attacker complete control over the operating system, including the ability to modify system files, install software, access all user data, and create new administrator accounts. The attack is local but results in total compromise of the target machine.

Mitigation

Apple addressed this vulnerability in OS X El Capitan v10.11, released on September 30, 2015 [1]. Users should upgrade to OS X 10.11 or later. There is no workaround for earlier versions, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog.