Unrated severityNVD Advisory· Published Aug 16, 2015· Updated May 6, 2026

CVE-2015-3772

Description

IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Local privilege escalation or denial of service via memory corruption in IOFireWireFamily on Apple OS X before 10.10.5.

Vulnerability

A memory corruption vulnerability exists in the IOFireWireFamily driver of Apple OS X. The issue affects OS X Mavericks v10.9.5 and OS X Yosemite v10.10 through v10.10.4. The vulnerability can be triggered via unspecified vectors, leading to memory corruption.

Exploitation

An attacker must have local access to the system. No special privileges or user interaction beyond local login are required. The exact exploitation steps are not disclosed, but the unspecified vectors allow the attacker to trigger memory corruption in the IOFireWireFamily driver.

Impact

Successful exploitation allows a local attacker to either gain elevated privileges or cause a denial of service (system crash or hang) due to memory corruption. The attacker may achieve arbitrary code execution in kernel context.

Mitigation

Apple addressed this vulnerability in OS X Yosemite v10.10.5 and Security Update 2015-006, released on August 13, 2015 [1]. Users should update to the latest available version. No workarounds are documented.

References

About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.4
Apple Inc./OS Xllm-fuzzy
Range: <10.10.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvdVendor Advisory
support.apple.com/kb/HT205031nvdVendor Advisory
www.securityfocus.com/bid/76340nvd
www.securitytracker.com/id/1033276nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000