7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.9%
Added: 11/02/2015
CVE: CVE-2015-7007
BID: 77266
Safari is a web browser for Mac OS X and Windows.
A vulnerability in the OS X Script Editor allows a malicious web page to execute arbitrary AppleScript code without user confirmation by enticing a user to type Control-R in Safari.
Upgrade to OS X 10.11.1 or apply Security Update 2015-007.
<https://support.apple.com/en-us/HT205375>
A user must load the exploit page in Safari and type Control-R in order for the exploit to succeed.
Mac OS X