Apple OS X Multiple Flaws Execute Arbitrary Code And Deny Service And Obtain Potentially Sensitive Information Vulnerabilities
31 Mar. 2016
AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.
The information has been provided by Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt; Ian Beer of Google Project Zero; Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc.; Muneaki Nishimura (nishimunea);.
* Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1
* Apple iOS after 9.2, OS X after 10.11.2, tvOS after 9.1, and watchOS after 2.1
Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote or local user can cause denial of service conditions on the target system. A local user can obtain potentially sensitive information. A local user or an application can bypass security restrictions. A local user can gain system privileges on the target system. Apple Watch is affected.