This vulnerability, tagged as ‘critical’ is found in Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Once successfully exploited, it could cause crash and allow remote attackers to take control of the affected system. As such, this compromises the security of the systems.
We are currently monitoring this for any attacks or threats that may leverage this vulnerability. Adobe will release an emergency patch to address the said vulnerability.
Trend Micro researchers discovered a vulnerability that affects OS X below 10.11.3. It occurs by sending one special constructed IOConnectCallMethod requests to AppleGraphicsPowerManagement module. If an attacker sends a request once, Kernel memory heap corruption happens in method AppleGraphicsPowerManagement`AGPM:etBoost. As such, this would lead an attacker to execute arbitrary code with Kernel privileges.
While this vulnerability is not easy to exploit due to the lack of Kernel information leak and heap control, we recommend users to upgrade their OS X to latest version.
This vulnerability affects OS X below 10.11.3. It occurs by sending two special requests to IOAcceleratorFamily2 module. As such, an array overflow happens in method IOAccelDispalyMachine2::getFramebufferCount. This may lead to local privilege escalation. While this vulnerability is not easy to exploit, we advise users to upgrade their OS X to the latest version.
Trend Micro researcher Juwei Lin disclosed details about this vulnerability to Apple.
Trend Micro researchers discovered this vulnerability which is rated by Apple as ‘Critical.’ It affects OS X below 10.11.3 and iOS below 9.2.1. Once successfully exploited, an attacker can execute arbitrary codes with Kernel privileges. In addition, once attackers bypass KASLR using vulnerability, they can root the affected system and/or device when a user installs and runs a malicious app.
We advise users to update their systems and devices to the latest OS X and iOS versions.