First published: Fri Apr 10 2015(Updated: )
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app.
Credit: product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPhone OS | <=8.2 | |
Apple tvOS | <=7.1 | |
Apple Mac OS X | <=10.10.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.