CVE-2015-7007

macOS < 10.11.1 - Unauthenticated AppleScript Execution Bypass

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-7007. PoCs published by Metasploit, joev, including Metasploit module exploits/osx/browser/safari_user_assisted_applescript_exec.

AI-analyzed exploit summary This Metasploit module exploits CVE-2015-7007 by tricking a user into pressing cmd-R in Safari, which executes arbitrary AppleScript code. The exploit leverages the applescript:// URL scheme to bypass user confirmation and achieve remote command execution.

Description

Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteosx

https://www.exploit-db.com/exploits/38535

View Code ZIP pw:eip

This Metasploit module exploits CVE-2015-7007 by tricking a user into pressing cmd-R in Safari, which executes arbitrary AppleScript code. The exploit leverages the applescript:// URL scheme to bypass user confirmation and achieve remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Safari on Mac OS X before 10.11.1

No auth needed

Prerequisites: User interaction (pressing cmd-R) · Gatekeeper disabled

MITRE ATT&CK

T1204 - User Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC MANUAL

by joev · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/browser/safari_user_assisted_applescript_exec.rb