CVE-2015-3781

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.10.5

Description The issue is related to a cross-site scripting (XSS) vulnerability in the Quick Look component. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search. The vulnerability exists due to insufficient protection of the web page structure.

Recommendations For Apple OS X versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Quick Look for searching previously visited web sites until the update is applied.