Vulnerabilities > CVE-2015-7007 - Unspecified vulnerability in Apple mac OS X
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
Vulnerable Configurations
Exploit-Db
description | Safari User-Assisted Applescript Exec Attack. CVE-2015-7007. Remote exploit for osx platform |
file | exploits/osx/remote/38535.rb |
id | EDB-ID:38535 |
last seen | 2016-02-04 |
modified | 2015-10-26 |
platform | osx |
port | |
published | 2015-10-26 |
reporter | metasploit |
source | https://www.exploit-db.com/download/38535/ |
title | Safari User-Assisted Applescript Exec Attack |
type | remote |
Metasploit
description | In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key keypress event, a user can be tricked into running arbitrary Applescript code. Gatekeeper should be disabled from Security & Privacy in order to avoid the unidentified Developer prompt. |
id | MSF:EXPLOIT/OSX/BROWSER/SAFARI_USER_ASSISTED_APPLESCRIPT_EXEC |
last seen | 2020-06-01 |
modified | 2017-07-24 |
published | 2015-10-22 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/osx/browser/safari_user_assisted_applescript_exec.rb |
title | Safari User-Assisted Applescript Exec Attack |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_11_1.NASL |
description | The remote host is running a version of Mac OS X that is 10.9.5 or later but prior to 10.11.1 It is, therefore, affected by multiple vulnerabilities in the following components : - Accelerate Framework (CVE-2015-5940) - apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838) - ATS (CVE-2015-6985) - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003) - Bom (CVE-2015-7006) - CFNetwork (CVE-2015-7023) - configd (CVE-2015-7015) - CoreGraphics (CVE-2015-5925, CVE-2015-5926) - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017) - Directory Utility (CVE-2015-6980) - Disk Images (CVE-2015-6995) - EFI (CVE-2015-7035) - File Bookmark (CVE-2015-6987) - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018) - Grand Central Dispatch (CVE-2015-6989) - Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021) - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939) - IOAcceleratorFamily (CVE-2015-6996) - IOHIDFamily (CVE-2015-6974) - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994) - libarchive (CVE-2015-6984) - MCX Application Restrictions (CVE-2015-7016) - Net-SNMP (CVE-2014-3565, CVE-2012-6151) - OpenGL (CVE-2015-5924) - OpenSSH (CVE-2015-6563) - Sandbox (CVE-2015-5945) - Script Editor (CVE-2015-7007) - Security (CVE-2015-6983, CVE-2015-7024) - SecurityAgent (CVE-2015-5943) Note that successful exploitation of the most serious issues can result in arbitrary code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 86654 |
published | 2015-10-29 |
reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/86654 |
title | Mac OS X < 10.11.1 Multiple Vulnerabilities |
Packetstorm
data source | https://packetstormsecurity.com/files/download/134072/safari_user_assisted_applescript_exec.rb.txt |
id | PACKETSTORM:134072 |
last seen | 2016-12-05 |
published | 2015-10-23 |
reporter | joev |
source | https://packetstormsecurity.com/files/134072/Safari-User-Assisted-Applescript-Exec-Attack.html |
title | Safari User-Assisted Applescript Exec Attack |
Saint
bid | 77266 |
description | Safari Script Editor AppleScript execution |
id | misc_macosx_version |
title | safari_script_editor_exec |
type | client |
References
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
- http://packetstormsecurity.com/files/134072/Safari-User-Assisted-Applescript-Exec-Attack.html
- http://www.rapid7.com/db/modules/exploit/osx/browser/safari_user_assisted_applescript_exec
- https://support.apple.com/HT205375
- https://www.exploit-db.com/exploits/38535/