The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource.
Base Score: 6.8
Impact Score: 6.4
Exploitability Score: 8.6
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.9.4 (inclusive)
View all (2 total)