Array Overflow Vulnerability in IOAcceleratorFamily2 Module (CVE-2016-1718)

2016年4月5日

Email
Facebook
Twitter
Google+
Linkedin

危険度: : 中

CVE識別番号: CVE-2016-1718

情報公開日: 1 19, 2016

概要

This vulnerability affects OS X below 10.11.3. It occurs by sending two special requests to IOAcceleratorFamily2 module. As such, an array overflow happens in method IOAccelDispalyMachine2::getFramebufferCount. This may lead to local privilege escalation. While this vulnerability is not easy to exploit, we advise users to upgrade their OS X to the latest version.

Trend Micro researcher Juwei Lin disclosed details about this vulnerability to Apple.