|CVSS SCORE||6.9, (AV:L/AC:M/Au:N/C:C/I:C/A:C)|
The specific flaw exists within the handling of the AppleUpstreamUserClient kernel extension. The issue lies in the failure to validate the size of a buffer prior to accessing it. An attacker can leverage this vulnerability to execute code within the context of the kernel.
Apple has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Jack Tang of Trend Micro (@jacktang310)
Moony Li of Trend Micro