CVE-2015-3702

Vulnerability

A buffer overflow vulnerability exists in the Intel Graphics Driver bundled with Apple OS X before version 10.10.4. The affected component is the graphics driver, and the issue can be triggered by a local user through unspecified vectors. The vulnerability is distinct from similar issues tracked as CVE-2015-3695 through CVE-2015-3701. Versions affected include OS X Mavericks v10.9.5 and OS X Yosemite v10.10 through v10.10.3 [1].

Exploitation

Exploitation requires local access to the system. The exact sequence of steps is not disclosed in the available references, but it involves providing crafted input to the Intel Graphics Driver that triggers the buffer overflow. The attacker does not need any special privileges to initiate the attack, as the vulnerability can be triggered from a non-privileged user context [1].

Impact

Successful exploitation allows a local attacker to gain elevated privileges on the system. Since the Intel Graphics Driver runs with kernel-level privileges, the attacker can achieve arbitrary code execution in kernel mode, leading to full compromise of the affected Mac [1].

Mitigation

Apple addressed this vulnerability in OS X Yosemite v10.10.4 and Security Update 2015-005. Users should update to the latest available version of OS X. No workarounds are documented in the references, and the vendor recommends applying the security update as soon as possible [1].