CVE-2016-1823
CVE-2016-1823
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/137397/OS-X-Kernel-Raw-Cast-Out-Of-Bounds-Read.htmlunverifiedcve_referencewww.exploit-db.com/exploits/39927/unverifiedexploitdbwww.exploit-db.com/exploits/39927unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/security-announce/2016/May/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2016/May/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2016/May/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2016/May/msg00004.htmlhttp://packetstormsecurity.com/files/137397/OS-X-Kernel-Raw-Cast-Out-Of-Bounds-Read.htmlhttps://bugs.chromium.org/p/project-zero/issues/detail?id=774https://support.apple.com/HT206564https://support.apple.com/HT206566https://support.apple.com/HT206567https://support.apple.com/HT206568https://www.exploit-db.com/exploits/39927/http://www.securityfocus.com/bid/90698