Unrated severityNVD Advisory· Published Apr 10, 2015· Updated May 6, 2026

CVE-2015-1144

Description

Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in OS X UniformTypeIdentifiers allows local users to gain privileges via a crafted UTI before 10.10.3.

Vulnerability

A buffer overflow vulnerability exists in the UniformTypeIdentifiers component of Apple OS X versions prior to 10.10.3. The issue is triggered when processing a crafted Uniform Type Identifier (UTI) string. This memory corruption can be exploited locally by an attacker who can supply a malicious UTI to the system.

Exploitation

An attacker with local access to the system can exploit this vulnerability by crafting a malicious Uniform Type Identifier and causing the UniformTypeIdentifiers component to process it. No user interaction beyond local access is required; the attacker only needs to be able to trigger the parsing of the crafted UTI, potentially through a custom application or command-line invocation.

Impact

Successful exploitation allows a local attacker to gain elevated privileges on the system. The buffer overflow can be used to execute arbitrary code in the context of a system process, leading to full system compromise.

Mitigation

The vulnerability is addressed in OS X Yosemite v10.10.3, released on April 8, 2015. Users should update to this version or later via the Mac App Store or Software Update. No workarounds are available for affected versions [1].

References

About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.2
Apple Inc./OS Xllm-fuzzy
Range: <10.10.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlnvdVendor Advisory
support.apple.com/HT204659nvdVendor Advisory
www.securityfocus.com/bid/73982nvd
www.securitytracker.com/id/1032048nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000