Improper Pathname Validation in Kext Tools Allows Bypass of Kernel Extension Signature Requirements

Improper Pathname Validation in Kext Tools Allows Bypass of Kernel Extension Signature Requirements

CVE-2015-3709 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation.

Learn more about our User Device Pen Test.