Apple OS X WindowServer _XSetPerUserConfigurationData Type Confusion Privilege Escalation Vulnerability

2016-11-15T00:00:00
ID ZDI-16-609
Type zdi
Reporter e048b7039acc9483d42ca9ef197bd909
Modified 2016-06-22T00:00:00

Description

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CoreGraphics module. The issue lies in the failure to properly validate user-supplied data which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges under the context of WindowServer.