The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library.
Base Score: 6.8
Impact Score: 6.4
Exploitability Score: 8.6
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.10.3 (inclusive)
View all (3 total)