The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS prior to 8.3, Apple OS X prior to 10.10.3, and Apple TV prior to 7.2 do not properly perform privilege drops, which makes it easier for malicious users to execute code with unintended user or group privileges via a crafted app.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple iphone os |
||
apple tvos |
||
apple mac os x |