Advisory Details

March 22nd, 2016

Apple OS X IOGeneralMemoryDescriptor Integer Overflow Privilege Escalation Vulnerability

ZDI-16-207
ZDI-CAN-3315

CVE ID CVE-2016-1753
CVSS SCORE 6.9, AV:L/AC:M/Au:N/C:C/I:C/A:C
AFFECTED VENDORS Apple
AFFECTED PRODUCTS OS X
VULNERABILITY DETAILS


This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file.

The specific flaw exists within the IOGeneralMemoryDescriptor interface. The issue lies in the failure to test user-supplied input for integer overflow. An attacker can leverage this to escalate their privileges and execute code under the context of the kernel.
ADDITIONAL DETAILS Apple has issued an update to correct this vulnerability. More details can be found at:
https://support.apple.com/en-us/HT206167
DISCLOSURE TIMELINE
  • 2015-11-02 - Vulnerability reported to vendor
  • 2016-03-22 - Coordinated public release of advisory
CREDIT Juwei Lin
Trend Micro
BACK TO ADVISORIES