Unrated severityNVD Advisory· Published Jul 3, 2015· Updated May 6, 2026

CVE-2015-3674

Description

afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in afpserver on Apple OS X before 10.10.4 allows remote code execution or denial of service.

Vulnerability

The afpserver daemon in Apple OS X versions prior to 10.10.4 contains a memory corruption vulnerability that can be triggered via unspecified vectors. The issue resides in the handling of network requests, allowing an attacker to corrupt memory and potentially execute arbitrary code. The exact code path and required conditions are not disclosed in the available reference [1].

Exploitation

A remote attacker can exploit this vulnerability by sending specially crafted network traffic to the afpserver service. No authentication is required, and the attack can be launched over the network without user interaction. The specific sequence of steps is not detailed in the advisory [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the afpserver process, or cause a denial of service through memory corruption. This could lead to full system compromise or disruption of file sharing services [1].

Mitigation

Apple addressed this vulnerability in OS X Yosemite 10.10.4 and Security Update 2015-005, released on July 1, 2015. Users should upgrade to the latest version of OS X to mitigate the risk. No workarounds are provided in the advisory [1].

References

About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.3
Apple Inc./afpserverllm-create
Range: < 10.10.4
Apple Inc./OS Xllm-fuzzy
Range: < 10.10.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlnvdPatchVendor Advisory
support.apple.com/kb/HT204942nvdVendor Advisory
www.securityfocus.com/bid/75493nvd
www.securitytracker.com/id/1032760nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000