Sandbox Escape: OSX ATS arbitrary free issue may lead to App Sandbox bypass

2014-02-26T00:00:00
ID H1:18849
Type hackerone
Reporter Unknown
Modified 1970-01-01T00:00:00

Description

This issue was reported directly to Apple and has been resolved in OSX Security Update 2014-001.

http://support.apple.com/kb/HT6150

> Available for: OS X Mavericks 10.9 and 10.9.1 > > Impact: The App Sandbox may be bypassed > > Description: An arbitrary free issue existed in the handling of Mach messages passed to ATS. This issue was addressed through additional validation of Mach messages. > > CVE-2014-1255 : Meder Kydyraliev of the Google Security Team