Arbitrary Command Execution via Crafted Photo File Name in Apple OS X Spotlight

Arbitrary Command Execution via Crafted Photo File Name in Apple OS X Spotlight

CVE-2015-3716 · MEDIUM Severity

AV:L/AC:M/AU:N/C:P/I:P/A:P

Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library.

Learn more about our Web Application Penetration Testing UK.