libnetcore in Apple iOS prior to 8.1.3, Apple OS X prior to 10.10.2, and Apple TV prior to 7.0.3 does not verify that certain values have the expected data type, which allows malicious users to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x |
||
apple tvos |
||
apple iphone os |