Unrated severityNVD Advisory· Published Apr 10, 2015· Updated May 6, 2026

CVE-2015-1143

Description

LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A type confusion vulnerability in LaunchServices on Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string.

Vulnerability

LaunchServices in Apple OS X before 10.10.3 contains a type confusion issue that can be triggered by a crafted localized string. This affects all versions prior to the fix, including OS X Yosemite v10.10 to v10.10.2, and likely earlier versions as the security update also covers OS X Mountain Lion and Mavericks [1].

Exploitation

An attacker with local access to the system can craft a malicious localized string (e.g., a .strings file) that, when processed by LaunchServices, causes a type confusion. The exact sequence of steps is not publicly detailed, but the vulnerability is reachable without special privileges beyond local user access [1].

Impact

Successful exploitation allows a local user to gain elevated privileges. The type confusion may lead to arbitrary code execution in the context of LaunchServices, which runs with system privileges, resulting in privilege escalation [1].

Mitigation

Apple addressed this issue in OS X Yosemite v10.10.3 and Security Update 2015-004, released on April 8, 2015. Users should update to the latest version. No workarounds are documented, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities catalog [1].

References

About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <10.10.3
Apple Inc./OS Xllm-fuzzy
Range: <10.10.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/73982nvdExploitThird Party AdvisoryVDB Entry
lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlnvdVendor Advisory
www.securitytracker.com/id/1032048nvdThird Party AdvisoryVDB Entry
support.apple.com/HT204659nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000