What is CVE-2015-7007?

CVE-2015-7007 is a vulnerability in Apple Mac_os_x. Published 2015-10-23.

Is CVE-2015-7007 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Mac_os_x

CVE-2015-7007

Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.

EPSS: 0.782 (99.0th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon

References

APPLE-SA-2015-10-21-4 (vendor-advisory, x_refsource_APPLE, Vendor Advisory)
product-security@apple.com (x_refsource_CONFIRM, Vendor Advisory)
38535 (exploit, x_refsource_EXPLOIT-DB)
product-security@apple.com (x_refsource_MISC)
product-security@apple.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2015-7007?: CVE-2015-7007 is a vulnerability in Apple Mac_os_x. Published 2015-10-23.
Is CVE-2015-7007 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.