The extension APIs in the kernel in Apple iOS prior to 8.1.3, Apple OS X prior to 10.10.2, and Apple TV prior to 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for malicious users to bypass the ASLR protection mechanism via a crafted app.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple tvos |
||
apple iphone os |
||
apple mac os x |