Advisory Details

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file.

The specific flaw exists within the DspFuncLib extension. The issue lies in the failure to properly handle error conditions leading to a dangling pointer being reused after it has been freed. An attacker can leverage this vulnerability to raise privileges and execute code under the context of root.

• 2016-04-01 - Vulnerability reported to vendor
• 2016-08-29 - Coordinated public release of advisory