Apple Watch Apple OS X Flaws Let Remote And Local Users Execute Arbitrary Code And Deny Service Vulnerabilities
25 Mar. 2016
The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges.
The information has been provided by Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt; Ian Beer of Google Project Zero; Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc.; Muneaki Nishimura (nishimunea); j00ru.
* Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1
* Apple iOS before 9.2, OS X after 10.11.2, tvOS after 9.1, and watchOS after 2.1
Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote or local user can cause denial of service conditions on the target system. A local user can obtain potentially sensitive information. A local user or an application can bypass security restrictions. A local user can gain system privileges on the target system. Apple Watch is affected.