Unrated severityNVD Advisory· Published Jul 3, 2015· Updated May 6, 2026

CVE-2015-3679

Description

Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Apple Type Services (ATS) in OS X before 10.10.4 allows arbitrary code execution or denial of service via a crafted font file due to memory corruption.

Vulnerability

Apple Type Services (ATS) in Apple OS X before 10.10.4 contains a memory corruption vulnerability that can be triggered by processing a crafted font file. This affects OS X Mavericks v10.9.5 and OS X Yosemite v10.10 to v10.10.3 [1]. The issue is distinct from related font-handling flaws CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682.

Exploitation

An attacker can exploit this vulnerability by delivering a specially crafted font file to the target system. No authentication is required if the attacker can entice a user to open a document or web page that renders the malicious font. The code path is reachable through any application that uses ATS for font processing.

Impact

Successful exploitation leads to memory corruption, which an attacker can leverage to execute arbitrary code in the context of the affected process or cause a denial of service. This could result in full system compromise or application crash.

Mitigation

Apple addressed this vulnerability in OS X Yosemite v10.10.4 and Security Update 2015-005, released on June 30, 2015 [1]. Users should update to the latest available version. No workarounds are disclosed in the available references.

References

About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.3
Apple Inc./OS Xllm-fuzzy
Range: <10.10.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlnvdPatchVendor Advisory
support.apple.com/kb/HT204942nvdVendor Advisory
www.securityfocus.com/bid/75493nvd
www.securitytracker.com/id/1032760nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000