CVE-2015-3760

Apple OS X <10.10.5 - Privilege Escalation

Title source: llm

Description

dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.

Exploits (1)

metasploit WORKING POC GREAT

by Stefan Esser, joev · rubypocosx

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/dyld_print_to_file_root.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/76340

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

[Vendor Advisory] https://support.apple.com/kb/HT205031

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1033276

Scores

EPSS 0.0343

EPSS Percentile 87.5%

Details

CWE

CWE-20

Status published

Products (1)

apple/mac_os_x < 10.10.4

Published Aug 16, 2015

Tracked Since Feb 18, 2026