|CVSS SCORE||6.9, (AV:L/AC:M/Au:N/C:C/I:C/A:C)|
The specific flaw exists within the DspFuncLib extension. The issue lies in the failure to properly handle error conditions leading to a dangling pointer being reused after it has been freed. An attacker can leverage this vulnerability to raise privileges and execute code under the context of root.
Apple has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Jack Tang and Moony Li of Trend Micro