Lucene search

K
zdiLiang Chen and Qidan He of KeenLab TencentZDI-16-345
HistoryMay 19, 2016 - 12:00 a.m.

(Pwn2Own) Apple OS X IntelAccelerator Out-Of-Bounds Indexing Privilege Escalation Vulnerability

2016-05-1900:00:00
Liang Chen and Qidan He of KeenLab Tencent
www.zerodayinitiative.com
16
apple
os x
intelaccelerator
out-of-bounds
indexing
privilege escalation
vulnerability
local attackers
arbitrary code
user interaction
malicious page
malicious file
flaw
handling
kext
blit3d_submit_commands
validation
bounds
vector
elevate privileges
kernel context

EPSS

0.003

Percentile

71.4%

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the IntelAccelerator kext. The issue lies in the blit3d_submit_commands function, which fails to properly validate the bounds of a vector. An attacker can leverage this vulnerability to elevate privileges and execute code within the context of the kernel.

EPSS

0.003

Percentile

71.4%