CVE-2015-7024

MEDIUM

Apple OS X <10.11.1 - Privilege Escalation

Title source: llm

Description

Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.

References (2)

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

[Vendor Advisory] https://support.apple.com/HT205375

Scores

CVSS v3 6.7

EPSS 0.0006

EPSS Percentile 19.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

Status draft

Affected Products (1)

apple/mac_os_x < 10.11.0

Timeline

Published Jan 11, 2016

Tracked Since Feb 18, 2026