CVE-2013-3952

Name of the Vulnerable Software and Affected Versions XNU kernel in Apple Mac OS X version 10.8.x

Description The issue allows local users to defeat the KASLR protection mechanism. This is achieved through the fill pipeinfo function in bsd/kern/sys pipe.c by utilizing the PROC PIDFDPIPEINFO option to the proc info system call for a kernel pipe handle.

Recommendations For XNU kernel in Apple Mac OS X version 10.8.x, consider restricting access to the proc info system call to minimize the risk of exploitation. As a temporary workaround, limiting the use of the fill pipeinfo function may help until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.