CVE-2015-3705

Vulnerability

A memory corruption vulnerability exists in the IOAcceleratorFamily kernel extension on Apple OS X before 10.10.4. The bug is reachable when a crafted application interacts with the IOAccelerator interface, requiring no special configuration beyond normal user access to run a potentially malicious app. Affected versions include OS X Yosemite 10.10, 10.10.1, 10.10.2, and 10.10.3, as well as OS X Mavericks v10.9.5 (which is updated via Security Update 2015-005) [1].

Exploitation

An attacker must convince a user to run a crafted application, which then sends specially crafted data to the IOAcceleratorFamily kernel extension. The attacker does not need any special system privileges initially, only the ability to execute arbitrary user-level code. The crafted data triggers a memory corruption condition, leading to potential code execution within the kernel context [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code in a privileged kernel context, effectively gaining full control over the system. This can lead to complete compromise of confidentiality, integrity, and availability. Additionally, the memory corruption can be used to cause a denial of service (system crash) [1].

Mitigation

Apple addressed this vulnerability in OS X Yosemite v10.10.4 and Security Update 2015-005 for OS X Mavericks v10.9.5, released on June 30, 2015 [1]. Users should update to the fixed versions via Software Update or Apple's support downloads. No public workaround is available; the only mitigation is to apply the security update.