CVE-2015-3681
Description
Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3682.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apple Type Services (ATS) in OS X before 10.10.4 allows remote code execution or denial of service via a crafted font file.
Vulnerability
Apple Type Services (ATS) in Apple OS X before 10.10.4 contains a memory corruption vulnerability that can be triggered by processing a crafted font file. Affected versions include OS X Mavericks v10.9.5 and OS X Yosemite v10.10 to v10.10.3. This is one of several similar font-related CVEs (CVE-2015-3679, CVE-2015-3680, CVE-2015-3682).
Exploitation
An attacker can exploit this vulnerability by delivering a malicious font file to the target, such as via a web page, email attachment, or other means. The victim must open the file or view content that triggers font processing. No special privileges or authentication are required for the attacker to deliver the file. Once processed, the crafted font causes memory corruption.
Impact
Successful exploitation could allow arbitrary code execution with system-level privileges or cause a denial of service (system crash or instability). This could lead to full compromise of the affected system.
Mitigation
Apple addressed this issue in OS X Yosemite v10.10.4 and Security Update 2015-005, released on July 1, 2015 [1]. Users should update to the latest available version. No workarounds are documented. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog as of the publication date.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: <10.10.4
Patches (0)
No patches discovered yet.
References (4)
- lists.apple.com/archives/security-announce/2015/Jun/msg00002.html (nvd; Patch, Vendor Advisory)
- support.apple.com/kb/HT204942 (nvd; Vendor Advisory)
- www.securityfocus.com/bid/75493 (nvd)
- www.securitytracker.com/id/1032760 (nvd)