CVE-2015-3761
Description
The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Pathname validation flaw in OS X kernel before 10.10.5 lets local users escalate privileges via environment variables.
Vulnerability
The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, allowing local users to gain privileges via unspecified vectors [1]. Affected versions include OS X Yosemite v10.10 to v10.10.4.
Exploitation
A local user can exploit this vulnerability by crafting environment variables with malicious pathnames. The exact exploitation steps are not disclosed in the available references [1].
Impact
Successful exploitation allows a local user to escalate privileges, potentially gaining root-level access or higher system control [1].
Mitigation
Apple addressed this issue in OS X Yosemite v10.10.5 and Security Update 2015-006. Users should update to the latest version of OS X. No workarounds are provided [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <10.10.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdVendor Advisory
- support.apple.com/kb/HT205031nvdVendor Advisory
- www.securityfocus.com/bid/76340nvd
- www.securitytracker.com/id/1033276nvd
News mentions
0No linked articles in our index yet.