Zero Address Execution in AppleIntelBDWGraphics (CVE-2015-7076)
DESCRIPTION
Apple has released a security bulletin which covers several vulnerabilities, including CVE-2015-7076, which our security researcher, Juwei Lin discovered and reported to the said company. Apple has credited Lin for his research contribution.
All systems which run on Mac OS X below 10.11.2 (OS X El Capitan) and Intel Graphics Driver AppleIntelBDWGraphics can be affected by this vulnerability. Note, however, that there are certain systems that installed Intel Graphics Driver AppleIntelBDWGraphics by default.
A local privilege escalation vulnerability exists when Intel Graphics Driver handles a special request from usermode. This vulnerability could let the local user be able to execute arbitrary code with system privileges. While Apple rated this vulnerability low since they employ mitigation technologies such as SMAP/SMEP, an attacker with minimal knowledge of IOKit can develop an exploit to abuse this security hole.
In order for the attackers to infect the vulnerable system, users need to execute a program containing an exploit send via spam email. When users execute this malicious program, it gets local system privilege thus enabling the attackers to control the system. This local privilege escalation vulnerability is typically use as part of an entire attack to enable to bypass sandbox and gain system privilege to do further actions thus compromising its (system) security.
Users are advised to update their systems to the latest Mac OS version.
SOLUTION
AFFECTED SOFTWARE AND VERSION
- Apple OS X El Capitan v10.11
- Apple OS X El Capitan v10.11.1
Featured Stories
- The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more