Safari Script Editor AppleScript execution

Added: 11/02/2015
CVE: CVE-2015-7007
BID: 77266

Background

Safari is a web browser for Mac OS X and Windows.

Problem

A vulnerability in the OS X Script Editor allows a malicious web page to execute arbitrary AppleScript code without user confirmation by enticing a user to type Control-R in Safari.

Resolution

Upgrade to OS X 10.11.1 or apply Security Update 2015-007.

References

https://support.apple.com/en-us/HT205375

Limitations

A user must load the exploit page in Safari and type Control-R in order for the exploit to succeed.

Platforms

Mac OS X
