VYPR
Unrated severity · NVD Advisory · Published Aug 16, 2015 · Updated May 6, 2026

CVE-2015-3777

Description

Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple buffer overflows in blued (macOS Bluetooth daemon) allow local attackers to gain elevated privileges via crafted XPC messages prior to OS X 10.10.5.

Vulnerability

Multiple buffer overflow vulnerabilities exist in blued, the Bluetooth system daemon in Apple OS X, prior to version 10.10.5. These flaws are triggered through XPC messages; XPC is the interprocess communication mechanism used between system services and applications. A local user can send specially crafted XPC messages to blued, leading to memory corruption.

Exploitation

An attacker must have local access to a vulnerable system (OS X Yosemite v10.10 through v10.10.4 or OS X Mavericks v10.9.5). No remote attack vector is available. The attacker crafts and sends malicious XPC messages to the blued process. No authentication beyond an existing local user account is required.

Impact

Successful exploitation allows a local attacker to execute arbitrary code in the context of the blued process, which runs with elevated system privileges. This can lead to full compromise of the affected system, including arbitrary code execution with root privileges.

Mitigation

Apple addressed these vulnerabilities in OS X Yosemite v10.10.5 and Security Update 2015-006, released on August 13, 2015 [1]. Users should update to the latest available version. No workaround is provided for unpatched systems. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
