CVE-2015-3708
Description
kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
kextd in OS X before 10.10.4 allows arbitrary file write via symlink attack from a crafted app.
## Vulnerability kextd, part of the kext tools in Apple OS X, is vulnerable to a symlink attack that allows a crafted app to write to arbitrary files. The affected versions are OS X Yosemite before 10.10.4 (including 10.10, 10.10.1, 10.10.2, and 10.10.3). [1]
Exploitation
An attacker must run a specially crafted app that conducts a symlink attack. This requires local access to the system. The app exploits kextd by causing it to follow a symbolic link, thereby writing to an unintended file location controlled by the attacker.
Impact
Successful exploitation enables arbitrary file write, which could lead to privilege escalation, system compromise, or persistent modification of system files.
Mitigation
Apple addressed this vulnerability in OS X Yosemite v10.10.4 and Security Update 2015-005. Users should update their systems to the latest available version. No workaround is provided in the available references. [1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <10.10.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlnvdPatchVendor Advisory
- support.apple.com/kb/HT204942nvdVendor Advisory
- www.securityfocus.com/bid/75493nvd
- www.securitytracker.com/id/1032760nvd
News mentions
0No linked articles in our index yet.