Privilege Escalation via Crafted Developer-Signed App in Apple OS X

Privilege Escalation via Crafted Developer-Signed App in Apple OS X

CVE-2015-7016 · HIGH Severity

AV:N/AC:H/AU:N/C:C/I:C/A:C

The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.

Learn more about our Web Application Penetration Testing UK.