CVE-2015-1146 — Apple MAC OS X vulnerability

CWE-3105 documents3 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 77.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple OS X Yosemite V10.10.3 AND Security Update 2015-004

Timeline

PublishedApr 10

Latest updateMay 14

Description

The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.

CVSS vector

AV:L/AC:M/C:N/I:P/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages2 packages

▶Appleapple/os_x_yosemite_v10.10.3_and_security_update_2015-004

▶NVDapple/mac_os_x< 10.10.3

🔴Vulnerability Details

GHSA

GHSA-65q8-qv35-fc8q: The Code Signing implementation in Apple OS X before 10↗2022-05-14

▶

GHSA

GHSA-g8h9-3w8p-m257: The Code Signing implementation in Apple OS X before 10↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2015-1146: OS X Yosemite v10.10.3 and Security Update 2015-004↗

▶