CVE-2013-3954

Name of the Vulnerable Software and Affected Versions Apple Mac OS X version 10.8.x

Description The issue is related to the posix spawn system call in the XNU kernel, which does not properly validate data for file actions and port actions. This allows local users to cause a denial of service (panic) by providing a size value that is inconsistent with a header count field. Additionally, it enables local users to obtain sensitive information from kernel heap memory by using a certain size value in conjunction with a crafted buffer.

Recommendations For Apple Mac OS X version 10.8.x, consider applying configuration changes to restrict access to the posix spawn system call until a patch is available. As a temporary workaround, avoid using the posix spawn system call with crafted buffers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.