cbcvebase.
CVE-2015-3693
published 2015-07-03

CVE-2015-3693: Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier…

PriorityP351critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.66%
93.8th percentile
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.

Affected

3 ranges
VendorProductVersion rangeFixed in
applemac_efi_security_update_2015-001
applemac_os_x<= 10.10.3
appleos_x_yosemite_v10.10.4_and_security_update_2015-005
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.