Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges.
Max CVSS: 6.8 | EPSS Score: 0.04% | Published: 2015-07-03 | Updated: 2016-12-06
The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer.
Max CVSS: 9.3 | EPSS Score: 0.31% | Published: 2015-07-03 | Updated: 2017-09-22
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL.
Max CVSS: 5.0 | EPSS Score: 0.41% | Published: 2015-07-03 | Updated: 2017-09-22
Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-07-03 | Updated: 2017-09-22
Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2015-07-03 | Updated: 2017-09-22
5 vulnerabilities found