(Pwn2Own\Pwn4Fun) Apple OS X IOKit Kernel Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within IOKit. The issue lies in the storage of kernel pointers in an object’s data structure that could be retrieved from userland. An attacker can leverage this vulnerability to leak kernel pointers.