CVE-2015-5890

Vulnerability

IOGraphics in Apple OS X before 10.11 (El Capitan) contains a memory corruption issue reachable via unspecified vectors. The exact vulnerable code path and required conditions are not disclosed in the available references, but the issue is distinct from related IOGraphics vulnerabilities CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873. Affected versions include Mac OS X 10.6.8 through 10.10.x.

Exploitation

Per the vendor advisory [1], exploitation requires local user access. The attacker must be able to execute code or trigger the IOGraphics interface on the affected system. The vendor did not disclose a concrete sequence of steps.

Impact

A successful attacker can gain elevated privileges or cause a denial of service through memory corruption. The impact includes potential arbitrary code execution at the kernel level, as IOGraphics is a kernel extension, leading to full compromise of system confidentiality, integrity, and availability.

Mitigation

Apple released the fix in OS X 10.11 (El Capitan) as part of the security update detailed in [1]. Users should upgrade to OS X 10.11 or later. No workarounds were provided for unsupported versions. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.