Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-3704. PoCs published by Google Security Research.
AI-analyzed exploit summary This exploit leverages a privilege escalation vulnerability in the Install.framework's 'runner' binary on macOS. By manipulating the Distributed Objects protocol and triggering an error in the authorization reference handling, an attacker can execute commands with root privileges without proper authentication.
Description
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Exploits (1)
This exploit leverages a privilege escalation vulnerability in the Install.framework's 'runner' binary on macOS. By manipulating the Distributed Objects protocol and triggering an error in the authorization reference handling, an attacker can execute commands with root privileges without proper authentication.