The IOHIDFamily API In Apple OS X Deny Service Let Local Users Obtain Potentially Sensitive Information And Gain Elevated Privileges Vulnerabilities
18 Mar. 2016
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service.
The information has been provided by Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt; Ian Beer of Google Project Zero; Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc.; Muneaki Nishimura (nishimunea); j00ru; .
*Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1
*Apple iOS after 9.2, OS X after 10.11.2, tvOS after 9.1, and watchOS after 2.1
Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote or local user can cause denial of service conditions on the target system. A local user can obtain potentially sensitive information. A local user or an application can bypass security restrictions. A local user can gain system privileges on the target system. Apple Watch is affected.