CVE-2015-3693
published 2015-07-03CVE-2015-3693: Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier…
PriorityP351critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.66%
93.8th percentile
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_efi_security_update_2015-001 | — | — |
| apple | mac_os_x | <= 10.10.3 | — |
| apple | os_x_yosemite_v10.10.4_and_security_update_2015-005 | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-53qj-236r-q3j5: Apple Mac EFI before 2015-001, as used in OS X before 10
ghsa_unreviewed·2022-05-17
CVE-2015-3693 [HIGH] GHSA-53qj-236r-q3j5: Apple Mac EFI before 2015-001, as used in OS X before 10
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
Apple
CVE-2015-3693: Mac EFI Security Update 2015-001
vendor_apple·CVSS 9.3
CVE-2015-3693 [CRITICAL] CVE-2015-3693: Mac EFI Security Update 2015-001
Apple Security Update: About the security content of Mac EFI Security Update 2015-001
Product: Mac EFI Security Update 2015-001
CVE: CVE-2015-3693
Component: CVE-ID
Apple
CVE-2015-3693: OS X Yosemite v10.10.4 and Security Update 2015-005
vendor_apple·CVSS 9.3
CVE-2015-3693 [CRITICAL] CVE-2015-3693: OS X Yosemite v10.10.4 and Security Update 2015-005
Apple Security Update: About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005
Product: OS X Yosemite v10.10.4 and Security Update 2015-005
CVE: CVE-2015-3693
Component: CVE-ID
No detection rules found.
No writeups or analysis indexed.
http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.htmlhttp://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2015/Jun/msg00003.htmlhttp://support.apple.com/kb/HT204934http://support.apple.com/kb/HT204942http://www.securityfocus.com/bid/75495http://www.securitytracker.com/id/1032444http://www.securitytracker.com/id/1032755http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.htmlhttp://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2015/Jun/msg00003.htmlhttp://support.apple.com/kb/HT204934http://support.apple.com/kb/HT204942http://www.securityfocus.com/bid/75495http://www.securitytracker.com/id/1032444http://www.securitytracker.com/id/1032755
2015-07-03
Published