4.8
MEDIUM

CVE-2015-3774

Published: 16/08/2015 Updated: 21/09/2017
CVSS v2 Base Score: 4.8 | Impact Score: 4.9 | Exploitability Score: 6.5

Vulnerability Summary

The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream.

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N
Access Complexity: LOW
Authentication: NONE
Access Vector: ADJACENT_NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Affected Products

Vendor Product Versions
AppleMac Os X10.10.4

References