Zero Address Execution in AppleIntelBDWGraphics (CVE-2015-7076)
DESCRIPTION
Apple has released a security bulletin which covers several vulnerabilities, including CVE-2015-7076, which our security researcher, Juwei Lin discovered and reported to the said company. Apple has credited Lin for his research contribution.
All systems which run on Mac OS X below 10.11.2 (OS X El Capitan) and Intel Graphics Driver AppleIntelBDWGraphics can be affected by this vulnerability. Note, however, that there are certain systems that installed Intel Graphics Driver AppleIntelBDWGraphics by default.
A local privilege escalation vulnerability exists when Intel Graphics Driver handles a special request from usermode. This vulnerability could let the local user be able to execute arbitrary code with system privileges. While Apple rated this vulnerability low since they employ mitigation technologies such as SMAP/SMEP, an attacker with minimal knowledge of IOKit can develop an exploit to abuse this security hole.
In order for the attackers to infect the vulnerable system, users need to execute a program containing an exploit send via spam email. When users execute this malicious program, it gets local system privilege thus enabling the attackers to control the system. This local privilege escalation vulnerability is typically use as part of an entire attack to enable to bypass sandbox and gain system privilege to do further actions thus compromising its (system) security.
Users are advised to update their systems to the latest Mac OS version.
SOLUTION
AFFECTED SOFTWARE AND VERSION
- Apple OS X El Capitan v10.11
- Apple OS X El Capitan v10.11.1
Featured Stories
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
- Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more