Untrusted search path vulnerability in Apple OS X via a Trojan horse program - CVE-2015-7024ID: oval:org.secpod.oval:def:34185 | Date: (C)2016-04-28 (M)2021-07-09 |
Class: VULNERABILITY | Family: macos |
The host is installed with Apple Mac OS X or Server 10.11.x before 10.11.1 and is prone to an untrusted search path vulnerability. A flaw is present in the application, which fails to properly handle a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature. Successful exploitation could allow local users to bypass intended Gatekeeper restrictions and gain privileges.
Platform: |
Apple Mac OS X 10.11 |
Apple Mac OS X Server 10.11 |