CVE-2015-5897
Description
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can inject arbitrary code into processes using the Address Book framework via an environment variable, leading to privilege escalation on OS X before 10.11.
Vulnerability
The Address Book framework in Apple OS X versions prior to 10.11 (El Capitan) improperly handles an environment variable, allowing a local attacker to inject arbitrary code into any process that loads the framework [1]. The issue was present in all supported versions of OS X before the 10.11 update.
Exploitation
A local user with access to the system can set a malicious environment variable before launching a process that relies on the Address Book framework. When the process loads the framework, the injected code is executed. No additional authentication or user interaction beyond local access is required.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the target process. If the process runs with elevated privileges, the attacker can gain those privileges, leading to full system compromise.
Mitigation
Apple addressed this vulnerability in OS X 10.11 (El Capitan) by improving environment variable handling [1]. Users should upgrade to OS X 10.11 or later. No workarounds are documented.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <10.11
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2015/Sep/msg00008.html (nvd, Vendor Advisory)
- support.apple.com/HT205267 (nvd, Vendor Advisory)
- www.securitytracker.com/id/1033703 (nvd)