CVE-2017-2436

CVE-2017-2436 concerns the IOFireWireAVC kernel extension in macOS Sierra (affected: macOS before 10.12.4). The connected documents reveal a concrete root cause: in IOFireWireAVCUserClient::CreateAVCAsyncCommand, the length parameter len is used to compute cmdLen, then a pointer from the user-con...

Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities

Binary data 700032.prm...

macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)

The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution...

macOS IOFireWireAVC Kernel Extension Out of Bounds Vulnerability（CVE-2017-2436）

Technical Details The vulnerable code can be found in IOFireWireAVC-424/IOFireWireAVC/IOFireWireAVCUserClient.cpp: ... case kIOFWAVCUserClientCreateAsyncAVCCommand: result = CreateAVCAsyncCommandUInt8arguments-structureInput, UInt8arguments-structureOutput, arguments-structureInputSize,...