Unrated severityNVD Advisory· Published Jul 3, 2015· Updated May 6, 2026

CVE-2015-3706

Description

IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3705.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in Apple's IOAcceleratorFamily allows a crafted app to execute arbitrary code with kernel privileges on OS X before 10.10.4.

Vulnerability

A memory corruption vulnerability exists in the IOAcceleratorFamily component of Apple OS X. The bug is reachable when a crafted application interacts with the iOS Accelerator framework. All versions of OS X before 10.10.4 are affected, including OS X Mavericks v10.9.5 and OS X Yosemite v10.10 through v10.10.3 [1].

Exploitation

An attacker must first persuade the user to run a maliciously crafted application. No additional authentication or network access is required beyond the local ability to execute the app. The crafted app triggers memory corruption in IOAcceleratorFamily by sending specially crafted inputs to the framework [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code in a privileged kernel context or cause a denial of service via memory corruption. This can lead to full compromise of the system, including the ability to install malware, modify system files, or access protected data [1].

Mitigation

Apple addressed this vulnerability in OS X Yosemite v10.10.4, released on June 30, 2015. Users should update to this version or later via Software Update or Apple's security update website [1]. No workarounds were published.

References

About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.3
Apple Inc./OS Xllm-fuzzy
Range: <10.10.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlnvdPatchVendor Advisory
support.apple.com/kb/HT204942nvdVendor Advisory
www.securityfocus.com/bid/75493nvd
www.securitytracker.com/id/1032760nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000