CVE-2015-1066

Vulnerability

CVE-2015-1066 is an off-by-one error in the IOAcceleratorFamily component of Apple OS X through version 10.10.2. This bug affects OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2. The vulnerability is triggered by a crafted application, leading to a memory corruption issue due to improper bounds checking [1].

Exploitation

An attacker must convince a user to run a malicious application on the affected system. The off-by-one error in IOAcceleratorFamily leads to an out-of-bounds memory access, which can be exploited to achieve arbitrary code execution in a privileged context. No user interaction beyond launching the app is required [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code with system privileges, resulting in full compromise of the affected OS X system. The attacker gains the ability to install software, modify system files, and access sensitive data [1].

Mitigation

Apple addressed CVE-2015-1066 in Security Update 2015-002, released on March 9, 2015. The fix is available for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2. Users are advised to install the update immediately. No workarounds are available [1].