Race condition in the kernel in Apple iOS prior to 9.3 and OS X prior to 10.11.4 allows malicious users to execute arbitrary code in a privileged context via a crafted app.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x |
||
apple iphone os |
MacOS, iOS task threading was open to hijack
When Apple shipped its security bug-fixes earlier this week, one patch mostly passed under the radar. Ian Beer of Google Project Zero, who found a deep-down vulnerability in the XNU kernel, first reported it to Apple in February this year, and it took until now to clean it up properly. It took eight months, apparently, because of a basic architectural feature of the kernel: calling target functions directly instead of via the MIG IPC (Mach interface generator inter process communication) layer i...