Apple macOS - Lack of Bounds Checking in HIServices Custom CFObject Serialization Local Privilege Escalation

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1219 HIServices.framework is used by a handful of deamons and implements its own CFObject serialization mechanism. The entrypoint to the deserialization code is AXUnserializeCFType; it reads a type field and uses that to index an...