cvelistv5 - cve-2015-3673

CVE-2015-3673 (GCVE-0-2015-3673)

Vulnerability from cvelistv5

Published

2015-07-03 01:00

Modified

2024-08-06 05:47

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2015-3673

Vulnerability from fkie_nvd

Published

2015-07-03 01:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html	Patch, Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT204942	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/75493
product-security@apple.com	http://www.securitytracker.com/id/1032760
product-security@apple.com	https://www.exploit-db.com/exploits/38036/
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT204942	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75493
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032760
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/38036/

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68566BD8-D5DD-4747-9C9A-59154400EBFA",
              "versionEndIncluding": "10.10.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility."
    },
    {
      "lang": "es",
      "value": "Admin Framework en Apple OS X anterior a 10.10.4 no restringe correctamente la localizaci\u00f3n de los clientes writeconfig, lo que permite a usuarios locales obtener privilegios root mediante el traslado y posterior modificaci\u00f3n de Directory Utility."
    }
  ],
  "id": "CVE-2015-3673",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-03T01:59:30.417",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT204942"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/75493"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1032760"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://www.exploit-db.com/exploits/38036/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT204942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/75493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/38036/"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2015-04289

Vulnerability from cnvd

Title

Apple MAC OS X Directory工具权限提升漏洞

Description

Apple Mac OS X是一款商业性质的操作系统。 Apple Mac OS X Directory工具存在安全漏洞，允许攻击者利用漏洞获得root权限。

Severity

高

Patch Name

Apple MAC OS X Directory工具权限提升漏洞的补丁

Patch Description

Apple Mac OS X是一款商业性质的操作系统。 Apple Mac OS X Directory工具存在安全漏洞，允许攻击者利用漏洞获得root权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Apple Mac OS X 10.10.4已经修复该漏洞，建议用户下载更新： https://support.apple.com

Reference

https://support.apple.com/zh-cn/HT204942

Impacted products

Name
Apple OS X Yosemite 10.10 - 10.10.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3673"
    }
  },
  "description": "Apple Mac OS X\u662f\u4e00\u6b3e\u5546\u4e1a\u6027\u8d28\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple Mac OS X Directory\u5de5\u5177\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u5f97root\u6743\u9650\u3002",
  "discovererName": "Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec",
  "formalWay": "Apple Mac OS X 10.10.4\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://support.apple.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04289",
  "openTime": "2015-07-07",
  "patchDescription": "Apple Mac OS X\u662f\u4e00\u6b3e\u5546\u4e1a\u6027\u8d28\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple Mac OS X Directory\u5de5\u5177\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u5f97root\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple MAC OS X Directory\u5de5\u5177\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple OS X Yosemite 10.10 - 10.10.3"
  },
  "referenceLink": "https://support.apple.com/zh-cn/HT204942",
  "serverity": "\u9ad8",
  "submitTime": "2015-07-02",
  "title": "Apple MAC OS X Directory\u5de5\u5177\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

ghsa-2h38-rw9c-6j5p

Vulnerability from github

Published

2022-05-17 00:49

Modified

2025-04-12 12:49

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3673"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-03T01:59:00Z",
    "severity": "HIGH"
  },
  "details": "Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.",
  "id": "GHSA-2h38-rw9c-6j5p",
  "modified": "2025-04-12T12:49:22Z",
  "published": "2022-05-17T00:49:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3673"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/38036"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT204942"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75493"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032760"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

De multiples vulnérabilités ont été corrigées dans Apple OSX. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mountain Lion versions antérieures à v10.8.5
Apple	N/A	OS X Yosemite versions antérieures à v10.10.4
Apple	N/A	OS X Mavericks versions antérieures à v10.9.5

References

Title

Publication Time

gsd-2015-3673

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-3673

Aliases

CVE-2015-3673

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3673",
    "description": "Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.",
    "id": "GSD-2015-3673",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-3673"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3673"
      ],
      "details": "Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.",
      "id": "GSD-2015-3673",
      "modified": "2023-12-13T01:20:07.373663Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-3673",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2015-06-30-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
          },
          {
            "name": "75493",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/75493"
          },
          {
            "name": "1032760",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032760"
          },
          {
            "name": "38036",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/38036/"
          },
          {
            "name": "http://support.apple.com/kb/HT204942",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT204942"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-3673"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-06-30-2",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
            },
            {
              "name": "http://support.apple.com/kb/HT204942",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT204942"
            },
            {
              "name": "75493",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/75493"
            },
            {
              "name": "38036",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/38036/"
            },
            {
              "name": "1032760",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032760"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-22T01:29Z",
      "publishedDate": "2015-07-03T01:59Z"
    }
  }
}

var-201507-0436

Vulnerability from variot

Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility. Apple Mac OS X is prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect Admin Framework, afpserver, apache, AppleGraphicsControl, AppleFSCompression, AppleThunderboltEDMService, ATS, Bluetooth, Display Drivers, Intel Graphics Driver, IOAcceleratorFamily, IOFireWireFamily, Kernel, Install Framework Legacy, kext tools, ntfs, QuickTime, Security, Spotlight, and System Stats components. Attackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.10.4. Admin Framework is one of the administrator frameworks. The vulnerability stems from the fact that the program does not properly restrict the location of the writeconfig client. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following:

Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A process may gain admin privileges without proper authentication Description: An issue existed when checking XPC entitlements. This issue was addressed through improved entitlement checking. CVE-ID CVE-2015-3671 : Emil Kvarnhammar at TrueSec

Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A non-admin user may obtain admin rights Description: An issue existed in the handling of user authentication. This issue was addressed through improved error checking. This issue was addressed by limiting the disk location that writeconfig clients may be executed from. CVE-ID CVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec

afpserver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the AFP server. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3674 : Dean Jerkovich of NCC Group

apache Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. This issue was addressed by enabling mod_hfs_apple. These were addressed by updating PHP to versions 5.5.24 and 5.4.40. CVE-ID CVE-2015-0235 CVE-2015-0273

AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3676 : Chen Liang of KEEN Team

AppleFSCompression Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in LZVN compression that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3677 : an anonymous researcher working with HP's Zero Day Initiative

AppleThunderboltEDMService Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the handling of certain Thunderbolt commands from local processes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3678 : Apple

ATS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in handling of certain fonts. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3679 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3680 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3682 : Nuode Wei

Bluetooth Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze Networks

Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may be able to intercept network traffic Description: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. Further details are available at https://support.apple.com/en-us/HT204938

Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.

CFNetwork HTTPAuthentication Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Following a maliciously crafted URL may lead to arbitrary code execution Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3684 : Apple

CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple

coreTLS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck

DiskImages Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-ID CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative

Display Drivers Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An issue existed in the Monitor Control Command Set kernel extension by which a userland process could control the value of a function pointer within the kernel. The issue was addressed by removing the affected interface. CVE-ID CVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze Networks

EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application with root privileges may be able to modify EFI flash memory Description: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca

EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates. CVE-ID CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)

FontParser Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team

Graphics Driver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds write issue existed in NVIDIA graphics driver. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3712 : Ian Beer of Google Project Zero

Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges Description: Multiple buffer overflow issues existed in the Intel graphics driver. These were addressed through additional bounds checks. CVE-ID CVE-2015-3695 : Ian Beer of Google Project Zero CVE-2015-3696 : Ian Beer of Google Project Zero CVE-2015-3697 : Ian Beer of Google Project Zero CVE-2015-3698 : Ian Beer of Google Project Zero CVE-2015-3699 : Ian Beer of Google Project Zero CVE-2015-3700 : Ian Beer of Google Project Zero CVE-2015-3701 : Ian Beer of Google Project Zero CVE-2015-3702 : KEEN Team

ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4. CVE-ID CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130

ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3703 : Apple

Install Framework Legacy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Several issues existed in how Install.framework's 'runner' setuid binary dropped privileges. This was addressed by properly dropping privileges. CVE-ID CVE-2015-3704 : Ian Beer of Google Project Zero

IOAcceleratorFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOAcceleratorFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3705 : KEEN Team CVE-2015-3706 : KEEN Team

IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null pointer dereference issues existed in the FireWire driver. These issues were addressed through improved error checking. CVE-ID CVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze Networks

Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of APIs related to kernel extensions which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3720 : Stefan Esser

Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3721 : Ian Beer of Google Project Zero

kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to overwrite arbitrary files Description: kextd followed symbolic links while creating a new file. This issue was addressed through improved handling of symbolic links. CVE-ID CVE-2015-3708 : Ian Beer of Google Project Zero

kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A local user may be able to load unsigned kernel extensions Description: A time-of-check time-of-use (TOCTOU) race condition condition existed while validating the paths of kernel extensions. This issue was addressed through improved checks to validate the path of the kernel extensions. CVE-ID CVE-2015-3709 : Ian Beer of Google Project Zero

Mail Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content. CVE-ID CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek

ntfs Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in NTFS that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative

ntp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. These issues were addressed through improved connection state management. CVE-ID CVE-2015-1798 CVE-2015-1799

OpenSSL Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Multiple issues exist in OpenSSL, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers Description: Multiple issues existed in OpenSSL 0.9.8zd which were addressed by updating OpenSSL to version 0.9.8zf. CVE-ID CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293

QuickTime Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3713 : Apple

Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. This issue was addressed through improved validity checking. CVE-ID CVE-2013-1741

Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Tampered applications may not be prevented from launching Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. This issue was addressed with improved resource validation. CVE-ID CVE-2015-3714 : Joshua Pitts of Leviathan Security Group

Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to bypass code signing checks Description: An issue existed where code signing did not verify libraries loaded outside the application bundle. This issue was addressed with improved bundle verification. CVE-ID CVE-2015-3715 : Patrick Wardle of Synack

Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Searching for a malicious file with Spotlight may lead to command injection Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. This issue was addressed through improved input validation. CVE-ID CVE-2015-3716 : Apple

SQLite Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in SQLite's printf implementation. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative

System Stats Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious app may be able to compromise systemstatsd Description: A type confusion issue existed in systemstatsd's handling of interprocess communication. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. The issue was addressed through additional type checking. CVE-ID CVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze Networks

TrueTypeScaler Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team

zip Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Extracting a maliciously crafted zip file using the unzip tool may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of zip files. These issues were addressed through improved memory handling. https://support.apple.com/en-us/HT204950

OS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue mFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7 kbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo EKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w aGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH cMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL U4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+ aftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U TUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC 3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J 1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI +gGm5FbAxjxElgA/gbaq =KLda -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0436",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.10.3"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.6"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.4"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "quicktime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-034"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3673"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Emil Kvarnhammar at TrueSec, Patrick Wardle of Synack, Dean Jerkovich of NCC Group, Apple, Chen Liang of KEEN Team, an anonymous researcher working with HP\u0027s Zero Day Initiative, Pawel Wylecial working with HP\u0027s Zero Day Initiative, John Villamil (@day6rea",
    "sources": [
      {
        "db": "BID",
        "id": "75493"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3673",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-3673",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-81634",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-3673",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-3673",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-034",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81634",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3673",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81634"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3673"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-034"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3673"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility. Apple Mac OS X is prone to multiple security vulnerabilities. \nThe update addresses new vulnerabilities that affect Admin Framework, afpserver, apache, AppleGraphicsControl, AppleFSCompression, AppleThunderboltEDMService, ATS, Bluetooth, Display Drivers, Intel Graphics Driver, IOAcceleratorFamily, IOFireWireFamily, Kernel, Install Framework Legacy, kext tools, ntfs, QuickTime, Security, Spotlight, and System Stats components. \nAttackers can exploit these issues to execute arbitrary code with system privileges, gain admin privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. \nThese issues affect OS X prior to 10.10.4. Admin Framework is one of the administrator frameworks. The vulnerability stems from the fact that the program does not properly restrict the location of the writeconfig client. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update\n2015-005\n\nOS X Yosemite v10.10.4 and Security Update 2015-005 are now available\nand address the following:\n\nAdmin Framework\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A process may gain admin privileges without proper\nauthentication\nDescription:  An issue existed when checking XPC entitlements. This\nissue was addressed through improved entitlement checking. \nCVE-ID\nCVE-2015-3671 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A non-admin user may obtain admin rights\nDescription:  An issue existed in the handling of user\nauthentication. This issue was addressed through improved error\nchecking. This issue was\naddressed by limiting the disk location that writeconfig clients may\nbe executed from. \nCVE-ID\nCVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec\n\nafpserver\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the AFP server. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3674 : Dean Jerkovich of NCC Group\n\napache\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker may be able to access directories that are\nprotected with HTTP authentication without knowing the correct\ncredentials\nDescription:  The default Apache configuration did not include\nmod_hfs_apple. If Apache was manually enabled and the configuration\nwas not changed, some files that should not be accessible might have\nbeen accessible using a specially crafted URL. This issue was\naddressed by enabling mod_hfs_apple. These were addressed by updating PHP to\nversions 5.5.24 and 5.4.40. \nCVE-ID\nCVE-2015-0235\nCVE-2015-0273\n\nAppleGraphicsControl\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in AppleGraphicsControl which could\nhave led to the disclosure of kernel memory layout. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2015-3676 : Chen Liang of KEEN Team\n\nAppleFSCompression\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in LZVN compression that could have\nled to the disclosure of kernel memory content. This issue was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-3677 : an anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nAppleThunderboltEDMService\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the handling of\ncertain Thunderbolt commands from local processes. This issue was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-3678 : Apple\n\nATS\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in handling\nof certain fonts. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-3679 : Pawel Wylecial working with HP\u0027s Zero Day Initiative\nCVE-2015-3680 : Pawel Wylecial working with HP\u0027s Zero Day Initiative\nCVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3682 : Nuode Wei\n\nBluetooth\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the Bluetooth HCI\ninterface. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nCertificate Trust Policy\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker with a privileged network position may be able\nto intercept network traffic\nDescription:  An intermediate certificate was incorrectly issued by\nthe certificate authority CNNIC. This issue was addressed through the\naddition of a mechanism to trust only a subset of certificates issued\nprior to the mis-issuance of the intermediate. Further details are\navailable at https://support.apple.com/en-us/HT204938\n\nCertificate Trust Policy\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPAuthentication\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Following a maliciously crafted URL may lead to arbitrary\ncode execution\nDescription:  A memory corruption issue existed in handling of\ncertain URL credentials. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3684 : Apple\n\nCoreText\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted text file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of text files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1157\nCVE-2015-3685 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3689 : Apple\n\ncoreTLS\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  coreTLS accepted short ephemeral Diffie-Hellman (DH)\nkeys, as used in export-strength ephemeral DH cipher suites. This\nissue, also known as Logjam, allowed an attacker with a privileged\nnetwork position to downgrade security to 512-bit DH if the server\nsupported an export-strength ephemeral DH cipher suite. The issue was\naddressed by increasing the default minimum size allowed for DH\nephemeral keys to 768 bits. \nCVE-ID\nCVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck\n\nDiskImages\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An information disclosure issue existed in the\nprocessing of disk images. This issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2015-3690 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nDisplay Drivers\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An issue existed in the Monitor Control Command Set\nkernel extension by which a userland process could control the value\nof a function pointer within the kernel. The issue was addressed by\nremoving the affected interface. \nCVE-ID\nCVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nEFI\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application with root privileges may be able to\nmodify EFI flash memory\nDescription:  An insufficient locking issue existed with EFI flash\nwhen resuming from sleep states. This issue was addressed through\nimproved locking. \nCVE-ID\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\n\nEFI\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may induce memory corruption to\nescalate privileges\nDescription:  A disturbance error, also known as Rowhammer, exists\nwith some DDR3 RAM that could have led to memory corruption. This\nissue was mitigated by increasing memory refresh rates. \nCVE-ID\nCVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working\nfrom original research by Yoongu Kim et al (2014)\n\nFontParser\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team\n\nGraphics Driver\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  An out of bounds write issue existed in NVIDIA graphics\ndriver. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2015-3712 : Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple buffer overflow issues exist in the Intel graphics\ndriver, the most serious of which may lead to arbitrary code\nexecution with system privileges\nDescription:  Multiple buffer overflow issues existed in the Intel\ngraphics driver. These were addressed through additional bounds\nchecks. \nCVE-ID\nCVE-2015-3695 : Ian Beer of Google Project Zero\nCVE-2015-3696 : Ian Beer of Google Project Zero\nCVE-2015-3697 : Ian Beer of Google Project Zero\nCVE-2015-3698 : Ian Beer of Google Project Zero\nCVE-2015-3699 : Ian Beer of Google Project Zero\nCVE-2015-3700 : Ian Beer of Google Project Zero\nCVE-2015-3701 : Ian Beer of Google Project Zero\nCVE-2015-3702 : KEEN Team\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple vulnerabilities existed in libtiff, the most\nserious of which may lead to arbitrary code execution\nDescription:  Multiple vulnerabilities existed in libtiff versions\nprior to 4.0.4. They were addressed by updating libtiff to version\n4.0.4. \nCVE-ID\nCVE-2014-8127\nCVE-2014-8128\nCVE-2014-8129\nCVE-2014-8130\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted .tiff file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\n.tiff files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-3703 : Apple\n\nInstall Framework Legacy\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Several issues existed in how Install.framework\u0027s\n\u0027runner\u0027 setuid binary dropped privileges. This was addressed by\nproperly dropping privileges. \nCVE-ID\nCVE-2015-3704 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple memory corruption issues existed in\nIOAcceleratorFamily. These issues were addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3705 : KEEN Team\nCVE-2015-3706 : KEEN Team\n\nIOFireWireFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  Multiple null pointer dereference issues existed in the\nFireWire driver. These issues were addressed through improved error\nchecking. \nCVE-ID\nCVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  A memory management issue existed in the handling of\nAPIs related to kernel extensions which could have led to the\ndisclosure of kernel memory layout. This issue was addressed through\nimproved memory management. \nCVE-ID\nCVE-2015-3720 : Stefan Esser\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  A memory management issue existed in the handling of\nHFS parameters which could have led to the disclosure of kernel\nmemory layout. This issue was addressed through improved memory\nmanagement. \nCVE-ID\nCVE-2015-3721 : Ian Beer of Google Project Zero\n\nkext tools\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to overwrite arbitrary\nfiles\nDescription:  kextd followed symbolic links while creating a new\nfile. This issue was addressed through improved handling of symbolic\nlinks. \nCVE-ID\nCVE-2015-3708 : Ian Beer of Google Project Zero\n\nkext tools\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A local user may be able to load unsigned kernel extensions\nDescription:  A time-of-check time-of-use (TOCTOU) race condition\ncondition existed while validating the paths of kernel extensions. \nThis issue was addressed through improved checks to validate the path\nof the kernel extensions. \nCVE-ID\nCVE-2015-3709 : Ian Beer of Google Project Zero\n\nMail\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A maliciously crafted email can replace the message content\nwith an arbitrary webpage when the message is viewed\nDescription:  An issue existed in the support for HTML email which\nallowed message content to be refreshed with an arbitrary webpage. \nThe issue was addressed through restricted support for HTML content. \nCVE-ID\nCVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek\n\nntfs\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in NTFS that could have led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-3711 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nntp\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  An attacker in a privileged position may be able to perform\na denial of service attack against two ntp clients\nDescription:  Multiple issues existed in the authentication of ntp\npackets being received by configured end-points. These issues were\naddressed through improved connection state management. \nCVE-ID\nCVE-2015-1798\nCVE-2015-1799\n\nOpenSSL\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  Multiple issues exist in OpenSSL, including one that may\nallow an attacker to intercept connections to a server that supports\nexport-grade ciphers\nDescription:  Multiple issues existed in OpenSSL 0.9.8zd which were\naddressed by updating OpenSSL to version 0.9.8zf. \nCVE-ID\nCVE-2015-0209\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0293\n\nQuickTime\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in QuickTime. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3661 : G. Geshev working with HP\u0027s Zero Day Initiative\nCVE-2015-3662 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3663 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP\u0027s Zero\nDay Initiative\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\nLu of Fortinet\u0027s FortiGuard Labs, Ryan Pentney, and Richard Johnson\nof Cisco Talos and Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3668 : Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3713 : Apple\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription:  An integer overflow existed in the Security framework\ncode for parsing S/MIME e-mail and some other signed or encrypted\nobjects. This issue was addressed through improved validity checking. \nCVE-ID\nCVE-2013-1741\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Tampered applications may not be prevented from launching\nDescription:  Apps using custom resource rules may have been\nsusceptible to tampering that would not have invalidated the\nsignature. This issue was addressed with improved resource\nvalidation. \nCVE-ID\nCVE-2015-3714 : Joshua Pitts of Leviathan Security Group\n\nSecurity\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious application may be able to bypass code signing\nchecks\nDescription:  An issue existed where code signing did not verify\nlibraries loaded outside the application bundle. This issue was\naddressed with improved bundle verification. \nCVE-ID\nCVE-2015-3715 : Patrick Wardle of Synack\n\nSpotlight\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact:  Searching for a malicious file with Spotlight may lead to\ncommand injection\nDescription:  A command injection vulnerability existed in the\nhandling of filenames of photos added to the local photo library. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2015-3716 : Apple\n\nSQLite\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription:  Multiple buffer overflows existed in SQLite\u0027s printf\nimplementation. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-3717 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nSystem Stats\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  A malicious app may be able to compromise systemstatsd\nDescription:  A type confusion issue existed in systemstatsd\u0027s\nhandling of interprocess communication. By sending a maliciously\nformatted message to systemstatsd, it may have been possible to\nexecute arbitrary code as the systemstatsd process. The issue was\naddressed through additional type checking. \nCVE-ID\nCVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nTrueTypeScaler\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team\n\nzip\nAvailable for:  OS X Yosemite v10.10 to v10.10.3\nImpact:  Extracting a maliciously crafted zip file using the unzip\ntool may lead to an unexpected application termination or arbitrary\ncode execution\nDescription:  Multiple memory corruption issues existed in the\nhandling of zip files. These issues were addressed through improved\nmemory handling. \nhttps://support.apple.com/en-us/HT204950\n\nOS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue\nmFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7\nkbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo\nEKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w\naGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH\ncMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL\nU4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+\naftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U\nTUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC\n3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J\n1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI\n+gGm5FbAxjxElgA/gbaq\n=KLda\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3673"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      },
      {
        "db": "BID",
        "id": "75493"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81634"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3673"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-81634",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38036",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81634"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3673"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3673",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "75493",
        "trust": 1.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "38036",
        "trust": 1.2
      },
      {
        "db": "SECTRACK",
        "id": "1032760",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003372",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-034",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "133361",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-89291",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-81634",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3673",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132518",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81634"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3673"
      },
      {
        "db": "BID",
        "id": "75493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-034"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3673"
      }
    ]
  },
  "id": "VAR-201507-0436",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81634"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:15:00.688000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/HT204942"
      },
      {
        "title": "HT204942",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204942"
      },
      {
        "title": "quicktime7.7.7_installer",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517"
      },
      {
        "title": "osxupd10.10.4",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516"
      },
      {
        "title": "iPhone7,1_8.4_12H143_Restore",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515"
      },
      {
        "title": "Apple: OS X Yosemite v10.10.4 and Security Update 2015-005",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=50398602701d671602946005c7864211"
      },
      {
        "title": "RootPipeTester",
        "trust": 0.1,
        "url": "https://github.com/sideeffect42/RootPipeTester "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3673"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-034"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3673"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht204942"
      },
      {
        "trust": 1.3,
        "url": "https://www.exploit-db.com/exploits/38036/"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/75493"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1032760"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3673"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3673"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/sideeffect42/rootpipetester"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39581"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3673"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8141"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8140"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3661"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3671"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1741"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3663"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3668"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3666"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1798"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3667"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81634"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3673"
      },
      {
        "db": "BID",
        "id": "75493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-034"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3673"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81634"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3673"
      },
      {
        "db": "BID",
        "id": "75493"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      },
      {
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-034"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3673"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81634"
      },
      {
        "date": "2015-07-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3673"
      },
      {
        "date": "2015-06-30T00:00:00",
        "db": "BID",
        "id": "75493"
      },
      {
        "date": "2015-07-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      },
      {
        "date": "2015-07-01T05:31:53",
        "db": "PACKETSTORM",
        "id": "132518"
      },
      {
        "date": "2015-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-034"
      },
      {
        "date": "2015-07-03T01:59:30.417000",
        "db": "NVD",
        "id": "CVE-2015-3673"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81634"
      },
      {
        "date": "2017-09-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3673"
      },
      {
        "date": "2015-07-15T00:57:00",
        "db": "BID",
        "id": "75493"
      },
      {
        "date": "2015-07-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      },
      {
        "date": "2015-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-034"
      },
      {
        "date": "2024-11-21T02:29:37.100000",
        "db": "NVD",
        "id": "CVE-2015-3673"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-034"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple OS X of  Admin Framework In  root Privileged vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003372"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-034"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-3673 (GCVE-0-2015-3673)

Vulnerability from cvelistv5

fkie_cve-2015-3673

Vulnerability from fkie_nvd

cnvd-2015-04289

Vulnerability from cnvd

ghsa-2h38-rw9c-6j5p

Vulnerability from github

CERTFR-2015-AVI-273

Vulnerability from certfr_avis

Solution

gsd-2015-3673

Vulnerability from gsd

var-201507-0436

Vulnerability from variot

Tags

Sightings

Nomenclature