coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command.
AV:N/AC:L/Au:N/C:C/I:C/A:CApple Mac Os X
OSApple≤ 10.10.1
Related vulnerabilities
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbi...
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash ...