Privilege Escalation via Writeconfig Client Location Restriction Bypass in Apple OS X

Privilege Escalation via Writeconfig Client Location Restriction Bypass in Apple OS X

CVE-2015-3673 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.

Learn more about our User Device Pen Test.