CVE-2015-3693
Description
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apple Mac EFI firmware does not properly set DDR3 RAM refresh rates, enabling row-hammer attacks that can lead to privilege escalation or denial of service.
Vulnerability
Apple Mac EFI firmware before version 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM [3]. This makes the system more susceptible to row-hammer attacks, where repeated memory accesses to DRAM rows can cause bit flips in adjacent rows.
Exploitation
An attacker can exploit this by triggering specific memory access patterns to induce disturbance errors. While remote exploitation may be limited, local unprivileged processes can gain kernel privileges by inducing bit flips in page table entries, as demonstrated on Linux [1]. On vulnerable Apple systems, similar techniques could be used.
Impact
Successful exploitation allows an attacker to gain elevated privileges, potentially leading to arbitrary code execution with kernel-level access, or cause a denial of service through memory corruption.
Mitigation
Apple released Mac EFI Security Update 2015-001 and OS X Yosemite v10.10.4 to address this issue [2][3]. Users should apply these updates. No workaround is available.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <10.10.4
- Range: <2015-001
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2015/Jun/msg00002.html (nvd: Patch, Vendor Advisory)
- lists.apple.com/archives/security-announce/2015/Jun/msg00003.html (nvd: Vendor Advisory)
- support.apple.com/kb/HT204934 (nvd: Vendor Advisory)
- support.apple.com/kb/HT204942 (nvd: Vendor Advisory)
- googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html (nvd)
- www.securityfocus.com/bid/75495 (nvd)
- www.securitytracker.com/id/1032444 (nvd)
- www.securitytracker.com/id/1032755 (nvd)
News mentions
No linked articles in our index yet.