CVE-2015-7007

Apple OS X <10.11.1 - Auth Bypass

Title source: llm

Description

Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteosx

https://www.exploit-db.com/exploits/38535

View Code ZIP pw:eip

metasploit WORKING POC MANUAL

by joev · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/browser/safari_user_assisted_applescript_exec.rb

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/134072/Safari-User-Assisted-Applescript-Exec-Attack.html

[Third Party Advisory] http://www.rapid7.com/db/modules/exploit/osx/browser/safari_user_assisted_applescript_exec

[Vendor Advisory] https://support.apple.com/HT205375

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/38535/

Scores

EPSS 0.7816

EPSS Percentile 99.0%

Details

Status published

Products (1)

apple/mac_os_x < 10.11.0

Published Oct 23, 2015

Tracked Since Feb 18, 2026