CVE-2015-7007
CVE-2015-7007
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/134072/Safari-User-Assisted-Applescript-Exec-Attack.htmlunverifiedcve_referencewww.exploit-db.com/exploits/38535/unverifiedexploitdbwww.exploit-db.com/exploits/38535unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.htmlhttp://packetstormsecurity.com/files/134072/Safari-User-Assisted-Applescript-Exec-Attack.htmlhttps://support.apple.com/HT205375https://www.exploit-db.com/exploits/38535/http://www.rapid7.com/db/modules/exploit/osx/browser/safari_user_assisted_applescript_exec