The specific flaw exists within CoreCaptureResponder in IOKit. The issue lies with the failure to validate user-supplied arguments which can cause a null pointer dereference. An attacker can leverage this vulnerability to escalate privileges and execute code under the context of the kernel.
Apple has issued an update to correct this vulnerability. More details can be found at: