|CVSS SCORE||6.9, (AV:L/AC:M/Au:N/C:C/I:C/A:C)|
The specific flaw exists within the handling of the IntelAccelerator kext. The issue lies in the blit3d_submit_commands function, which fails to properly validate the bounds of a vector. An attacker can leverage this vulnerability to elevate privileges and execute code within the context of the kernel.
Apple has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Liang Chen and Qidan He of KeenLab Tencent