Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges.
Max CVSS
6.8
EPSS Score
0.04%
Published
2015-07-03
Updated
2016-12-06
The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer.
Max CVSS
9.3
EPSS Score
0.31%
Published
2015-07-03
Updated
2017-09-22
The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL.
Max CVSS
5.0
EPSS Score
0.41%
Published
2015-07-03
Updated
2017-09-22
Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-07-03
Updated
2017-09-22
Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-07-03
Updated
2017-09-22
5 vulnerabilities found