Apple OS X WindowServer _XSetDictionaryForCurrentSession Type Confusion Privilege Escalation Vulnerability

2016-12-15T00:00:00
ID ZDI-16-639
Type zdi
Reporter e048b7039acc9483d42ca9ef197bd909
Modified 2016-12-15T00:00:00

Description

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the CoreGraphics module. The issue lies in the failure to properly validate user-supplied data which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges under the context of WindowServer.