CVE-2015-5900
Description
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A flaw in the EFI protected range register in OS X before 10.11 allows a crafted app to cause boot failure by writing to an unintended address.
Vulnerability
The protected range register in the EFI component of Apple OS X before version 10.11 contains an incorrect value. This allows a crafted application to write to an unintended memory address, leading to a denial of service condition. The issue affects all versions prior to OS X 10.11 El Capitan. [1]
Exploitation
An attacker must have the ability to run a crafted app on the target system. The app writes to an unintended address due to the misconfigured protected range register, causing the system to fail during boot. No additional privileges or user interaction beyond executing the app are required. [1]
Impact
Successful exploitation results in a denial of service, specifically a boot failure, preventing the system from starting. The attacker does not gain code execution or data access; the impact is limited to availability. [1]
Mitigation
The vulnerability is fixed in OS X El Capitan v10.11, released on September 30, 2015. Users should update to OS X 10.11 or later. No workarounds are documented. [1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < 10.11
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlnvdVendor Advisory
- support.apple.com/HT205267nvdVendor Advisory
- www.securitytracker.com/id/1033703nvd
News mentions
0No linked articles in our index yet.