CVE-2015-3693
CVE-2015-3693
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/36311unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.htmlhttp://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2015/Jun/msg00003.htmlhttp://support.apple.com/kb/HT204934http://support.apple.com/kb/HT204942http://www.securityfocus.com/bid/75495http://www.securitytracker.com/id/1032444http://www.securitytracker.com/id/1032755