PT-2016-2071 · Apple · Os X

Ianbeer

Published

2016-05-20

Updated

2016-12-01

CVE-2016-1794

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.11.5

Description The issue is related to the AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service via a crafted app. This is due to errors in pointer dereferencing. Exploitation of the issue can enable a remote attacker to execute arbitrary code in a privileged context or cause a denial of service.

Recommendations For versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the AppleGraphicsControl component to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2016-01422

CVE-2016-1794

Affected Products

Os X

PT-2016-2071 · Apple · Os X

CVE-2016-1794

Weakness Enumeration

Related Identifiers

Affected Products

References · 10