CVE-2015-3785

Vulnerability

The Telephony component in Apple OS X versions prior to 10.11 (El Capitan) contains an unspecified vulnerability that allows bypassing intended telephone-call restrictions. The issue is exploitable when the Continuity feature is enabled. Affected versions: OS X Yosemite and earlier (before 10.11). [1]

Exploitation

A local user with access to the system can exploit this vulnerability. The exact attack vector is not disclosed, but it requires the Continuity feature to be enabled. No authentication or special privileges beyond local access are mentioned. The attacker can bypass restrictions on telephone calls.

Impact

Successful exploitation allows a local user to bypass intended telephone-call restrictions, potentially enabling unauthorized calls. The impact is a violation of intended access controls on the Telephony component, leading to unauthorized use of telephony features.

Mitigation

Apple addressed this issue in OS X El Capitan v10.11, released on September 30, 2015. Users should update to OS X 10.11 or later. No workarounds are provided for earlier versions. [1]